Analysis Report SKMBT_C284e20041410330.exe

Overview

General Information

Sample Name: SKMBT_C284e20041410330.exe
MD5: be5b3246523f49207c34223d5207a35c
SHA1: 537ca33f9399c6196ea38e4e6e3e8e9695ac5d20
SHA256: b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected GuLoader
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Hides threads from debuggers
Sleep loop found (likely to delay execution)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • SKMBT_C284e20041410330.exe (PID: 5148 cmdline: 'C:\Users\user\Desktop\SKMBT_C284e20041410330.exe' MD5: BE5B3246523F49207C34223D5207A35C)
    • SKMBT_C284e20041410330.exe (PID: 4388 cmdline: 'C:\Users\user\Desktop\SKMBT_C284e20041410330.exe' MD5: BE5B3246523F49207C34223D5207A35C)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: Process Memory Space: SKMBT_C284e20041410330.exe PID: 5148 | Rule: JoeSecurity_GuLoader | Description: Yara detected GuLoader | Author: Joe Security
Source: Process Memory Space: SKMBT_C284e20041410330.exe PID: 4388 | Rule: JoeSecurity_GuLoader | Description: Yara detected GuLoader | Author: Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for domain / URL
Source: cor.sehablae.com, Virustotal: Detection: 7%
Source: https://cor.sehablae.com/mnaa.bin, Virustotal: Detection: 10%
Multi AV Scanner detection for submitted file
Source: SKMBT_C284e20041410330.exe, Virustotal: Detection: 24%
Source: SKMBT_C284e20041410330.exe, ReversingLabs: Detection: 10%

Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exe, Code function: 4x nop then cld 0_2_01F12583
Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exe, Code function: 4x nop then clc 0_2_01F12521
Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exe, Code function: 4x nop then clc 3_2_00562521
Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exe, Code function: 4x nop then cld 3_2_00562583

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49797 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49797 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49797
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49798 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49798 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49798 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49798 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49798
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49799 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49799 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49799 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49799 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49799
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49800 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49800 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49800 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49800 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49800
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49801 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49801 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49801 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49801 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49801
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49802 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49802 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49802 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49802 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49802
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49803 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49803 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49803 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49803 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49803
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49804 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49804 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49804 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49804 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49804
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49805 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49805 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49805 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49805 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49805
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49806 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49806 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49806 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49806 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49806
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49807 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49807 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49807 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49807 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49807
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49808 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49808 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49808 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49808 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49808
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49809 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49809 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49809 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49809 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49809
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49810 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49810 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49810 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49810 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49810
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49811 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49811 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49811 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49811 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49811
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49812 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49812 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49812 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49812 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49812
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49813 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49813 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49813 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49813 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49813
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49814 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49814 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49814 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49814 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49814
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49815 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49815 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49815 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49815 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49815
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49816 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49816 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49816 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49816 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49816
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49817 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49817 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49817 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49817 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49817
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49818 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49818 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49818 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49818 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49818
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49819 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49819 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49819 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49819 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49819
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49820 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49820 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49820 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49820 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49820
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49821 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49821 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49821 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49821 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49821
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49822 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49822 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49822 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49822 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49822
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49823 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49823 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49823 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49823 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49823
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49824 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49824 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49824 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49824 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49824
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49825 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49825 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49825 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49825 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49825
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49826 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49826 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49826 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49826 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49826
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49827 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49827 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49827 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49827 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49827
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49828 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49828 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49828 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49828 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49828
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49829 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49829 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49829 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49829 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49829
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49830 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49830 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49830 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49830 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49830
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49831 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49831 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49831 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49831 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49831
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49832 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49832 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49832 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49832 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49832
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49833 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49833 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49833 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49833 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49833
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49834 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49834 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49834 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49834 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49834
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49835 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49835 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49835 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49835 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49835
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49836 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49836 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49836 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49836 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49836
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49837 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49837 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49837 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49837 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49837
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49838 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49838 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49838 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49838 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49838
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49839 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49839 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49839 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49839 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49839
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49840 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49840 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49840 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49840 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49840
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49841 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49841 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49841 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49841 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49841
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49842 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49842 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49842 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49842 -> 193.142.59.105:80
      Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49842
      Source: Traffic Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49843 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49843 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49843 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49843 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49843
      Source: Traffic Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49844 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49844 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49844 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49844 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49844
      Source: Traffic Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49845 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49845 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49845 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49845 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49845
      Source: Traffic Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49846 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49846 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49846 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49846 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49846
      Source: Traffic Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49847 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49847 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49847 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49847 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 193.142.59.105:80 -> 192.168.2.5:49847
      Source: Traffic Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49848 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49848 -> 193.142.59.105:80
      Source: Traffic Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49848 -> 193.142.59.105:80
      Source: Joe Sandbox View ASN Name: unknown unknown
      Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: global traffic HTTP traffic detected:
        POST /mana/logs/fre.php HTTP/1.0
        User-Agent: Mozilla/4.08 (Charon; Inferno)
        Host: puppuslog.xyz
        Accept: */*
        Content-Type: application/octet-stream
        Content-Encoding: binary
        Content-Key: DF310A32
        Content-Length: 176
        Connection: close
      Source: global traffic HTTP traffic detected:
        POST /mana/logs/fre.php HTTP/1.0
        User-Agent: Mozilla/4.08 (Charon; Inferno)
        Host: puppuslog.xyz
        Accept: */*
        Content-Type: application/octet-stream
        Content-Encoding: binary
        Content-Key: DF310A32
        Content-Length: 149
        Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: global trafficHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 149Connection: close
      Source: unknownDNS traffic detected: queries for: cor.sehablae.com
      Source: unknownHTTP traffic detected: POST /mana/logs/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: puppuslog.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: DF310A32Content-Length: 176Connection: close
      Source: SKMBT_C284e20041410330.exe, 00000003.00000002.1387104400.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://cor.sehablae.com/mnaa.bin
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747

      Source: SKMBT_C284e20041410330.exe, 00000000.00000002.889756297.00000000007E0000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeProcess Stats: CPU usage > 98%
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F129F9 NtProtectVirtualMemory,0_2_01F129F9
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F12D7D NtResumeThread,0_2_01F12D7D
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F1016F EnumWindows,NtSetInformationThread,TerminateProcess,0_2_01F1016F
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F10F2F NtWriteVirtualMemory,0_2_01F10F2F
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F12DAF NtResumeThread,0_2_01F12DAF
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F11196 NtWriteVirtualMemory,0_2_01F11196
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F12D83 NtResumeThread,0_2_01F12D83
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F10F58 NtWriteVirtualMemory,0_2_01F10F58
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_0056144A LdrInitializeThunk,NtProtectVirtualMemory,3_2_0056144A
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_00560D48 CreateThread,TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory,3_2_00560D48
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_00562D7D NtSetInformationThread,3_2_00562D7D
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_0056016F EnumWindows,NtSetInformationThread,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory,3_2_0056016F
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_005613D8 Sleep,NtProtectVirtualMemory,3_2_005613D8
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_005629F9 NtProtectVirtualMemory,3_2_005629F9
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_00560DA7 RtlAddVectoredExceptionHandler,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory,3_2_00560DA7
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_00560311 LdrInitializeThunk,NtProtectVirtualMemory,3_2_00560311
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_0056033A NtProtectVirtualMemory,3_2_0056033A
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_00562D83 NtSetInformationThread,3_2_00562D83
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 3_2_00562DAF NtSetInformationThread,3_2_00562DAF
      Source: SKMBT_C284e20041410330.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: SKMBT_C284e20041410330.exe, 00000000.00000002.888570837.000000000041A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameStockholm4.exe vs SKMBT_C284e20041410330.exe
      Source: SKMBT_C284e20041410330.exe, 00000000.00000002.890889169.0000000001F00000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs SKMBT_C284e20041410330.exe
      Source: SKMBT_C284e20041410330.exe, 00000003.00000002.1387877489.00000000022C0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs SKMBT_C284e20041410330.exe
      Source: SKMBT_C284e20041410330.exe, 00000003.00000000.887840520.000000000041A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameStockholm4.exe vs SKMBT_C284e20041410330.exe
      Source: SKMBT_C284e20041410330.exe, 00000003.00000002.1389513497.000000001EE20000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SKMBT_C284e20041410330.exe
      Source: SKMBT_C284e20041410330.exeBinary or memory string: OriginalFilenameStockholm4.exe vs SKMBT_C284e20041410330.exe
      Source: SKMBT_C284e20041410330.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/2@165/2
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1002\4216a73197943a17d1161a6bdc4512b0_59407d34-c8c5-44df-a766-ba8a11cb1cb0
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeMutant created: \Sessions\1\BaseNamedObjects\F7EE0CF1CF93AA2F06F12A09
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeFile created: C:\Users\user\AppData\Local\Temp\~DFE97B597CD557C6C2.TMP
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeFile read: C:\Windows\System32\drivers\etc\hosts
      Source: SKMBT_C284e20041410330.exeVirustotal: Detection: 24%
      Source: SKMBT_C284e20041410330.exeReversingLabs: Detection: 10%
      Source: unknownProcess created: C:\Users\user\Desktop\SKMBT_C284e20041410330.exe 'C:\Users\user\Desktop\SKMBT_C284e20041410330.exe'
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeProcess created: C:\Users\user\Desktop\SKMBT_C284e20041410330.exe 'C:\Users\user\Desktop\SKMBT_C284e20041410330.exe'
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

      Data Obfuscation:

      Yara detected GuLoader
      Source: Yara matchFile source: Process Memory Space: SKMBT_C284e20041410330.exe PID: 5148, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SKMBT_C284e20041410330.exe PID: 4388, type: MEMORY
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_0040791D push es; iretd 0_2_0040791E
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_004053CE push edx; retf 0_2_004053CF
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F1016F push FFFFFF97h; iretd 0_2_01F11A2B
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F1308E pushfd ; ret 0_2_01F1308F
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: 0_2_01F11A14 push FFFFFF97h; iretd 0_2_01F11A2B
      Source: C:\Users\user\Desktop\SKMBT_C284e20041410330.exeCode function: